This article provides a curated collection of PowerShell scripts designed to reduce telemetry, tracking,
and privacy‑invasive features in Windows 11. Each script targets a specific Windows component using
registry policies or supported per‑user settings, allowing advanced users to apply granular controls
without relying on third‑party tools.
Run PowerShell as Administrator before applying these changes. Each section below is independent:
you can copy and run only the scripts you need, in any order, depending on your privacy goals.
Important note about permissions
Some scripts in this article modify system‑wide registry keys (HKLM) and must be executed
from an elevated PowerShell session (Run as Administrator).
Other scripts target per‑user settings (HKCU) and can be run from a standard PowerShell window.
What “works” means on Windows 11
When applying privacy‑related PowerShell scripts on Windows 11, it is important to understand the difference
between a script executing correctly and the operating system actually enforcing the setting.
1. The script executes correctly
- The PowerShell command runs without errors
- The registry key is created or modified successfully
- The value remains present after reboot
From a technical standpoint, the script works.
2. Windows 11 decides what is enforced
Starting with Windows 11, Microsoft changed how much control users have over certain system behaviors.
Not all configuration methods are treated equally by the operating system.
| Setting type |
Behavior |
| UI toggle |
May be ignored or overridden |
| Registry (HKCU) |
Usually applied |
| Registry (HKLM Policies) |
Applied only if the Windows edition allows it |
This means a registry value can exist and remain unchanged, while Windows 11 still enforces its own minimum
behavior internally.
Important: On Windows 11 Home and Pro, Microsoft enforces a minimum level of diagnostic data collection.
Registry policies can reduce some signals, but cannot fully disable telemetry.
Disable Telemetry and Diagnostic Data
What it does: Enforces policy values that reduce Windows telemetry and diagnostic data collection.
These keys are commonly used in managed environments to control diagnostics behavior through policies.
By writing both machine-level (HKLM) and user-level (HKCU) values, the script aims to make the setting
more resilient across user sessions.
What to expect: Some diagnostic prompts and background reporting are reduced, but Windows can still
collect certain required data depending on edition/build and Microsoft’s service requirements.
In enterprise environments, policy-based settings generally take precedence over UI toggles.
Important: On Windows 11 Home and Pro, Microsoft enforces a minimum level of diagnostic data collection.
Registry policies can reduce some signals, but cannot fully disable telemetry.
Script:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" `
-Name "AllowTelemetry" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" `
-Name "AllowTelemetry" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" `
-Name "AllowDiagnosticData" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" `
-Name "AllowDiagnosticData" -Value 0 -Type DWord -Force
Disable Location Tracking
What it does: Sets the per-user consent state for location capability to Deny.
This targets the Windows capability consent store used to decide whether apps and system components
are allowed to access location at the user level.
What to expect: Location-aware features (Maps, Weather, Find my device behaviors, and some
third-party apps) may stop using location automatically. You can later revert by changing the consent
value back to Allow or using Windows Settings if it reflects the policy state.
Script:
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" `
-Name "Value" -Value "Deny" -Type String -Force
Disable Advertising ID
What it does: Disables the per-user Advertising ID flag used by apps to deliver personalized
advertising and cross-app profiling signals. This is a privacy improvement that reduces ad personalization
across Microsoft Store apps and participating services.
What to expect: You may still see ads, but they should be less personalized. This does not disable
all telemetry—it's specifically about ad personalization identifiers at the user level.
Script:
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" `
-Name "Enabled" -Value 0 -Type DWord -Force
Disable Wi‑Fi Sense
What it does: Turns off a policy manager value related to Wi‑Fi hotspot reporting.
This is intended to reduce network-related sharing/reporting behaviors associated with Wi‑Fi Sense‑style features.
What to expect: Wi‑Fi behavior remains normal for typical connectivity, but optional reporting/sharing
features may be reduced. On some builds/editions, policy manager keys may behave differently depending on how the OS
consumes them, but the command itself is valid and safe as a configuration write.
Script:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" `
-Name "value" -Value 0 -Type DWord -Force
Disable Cortana
What it does: Disables the Cortana feature flag at the current user level, reducing Cortana integration
and background behaviors tied to voice assistant functionality and legacy Cortana hooks in Search.
What to expect: Modern Windows 11 builds have already reduced Cortana’s presence, but this can still be useful
on systems where Cortana components or older integrations are active. Search should continue to work normally.
Script:
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" `
-Name "AllowCortana" -Value 0 -Type DWord -Force
Disable Feedback and User Experience Features
What it does: Reduces “feedback frequency” style prompts and limits some consumer-facing UX signals.
It also prevents automatic device metadata downloads (used for icons/info pulled from the network) and disables
the “Recently added apps” surfacing in the Start/Launcher experience.
What to expect: You should see fewer prompts asking for feedback, fewer network lookups related to device metadata,
and a cleaner Start experience. None of these changes are required for system stability; they are quality-of-life and privacy
hardening tweaks.
Script:
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Siuf\Rules" `
-Name "NumberOfSIUFInPeriod" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" `
-Name "PreventDeviceMetadataFromNetwork" -Value 1 -Type DWord -Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell\Launcher" `
-Name "Launcher_ShowRecentlyAddedApps" -Value 0 -Type DWord -Force
Disable Windows Copilot (Registry Method)
What it does: Creates a policy key for Windows Copilot under the current user hive and sets the
TurnOffWindowsCopilot flag. This is the closest approach to a policy-style disable for user scope,
and is particularly useful where Group Policy Editor is not available.
What to expect: Copilot entry points can be suppressed depending on build and rollout state.
Feature exposure can vary across regions/updates, so consider this a “policy hardening” attempt rather
than a guaranteed removal of all binaries.
Script:
New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows" -Name "WindowsCopilot" -Force
Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\WindowsCopilot" `
-Name "TurnOffWindowsCopilot" -Value 1 -Type DWord -Force
Disable Copilot via Group Policy (Windows 11 Pro/Enterprise)
What it does: Uses the official administrative template policy to disable Windows Copilot.
This is the cleanest approach on Pro/Enterprise, because policy processing is designed to override
user toggles and keep configuration consistent.
What to expect: Copilot will be disabled for the targeted user scope where the policy is applied.
In managed environments, this is the preferred method because it’s auditable and consistent across devices.
Script:
# Open Group Policy Editor
gpedit.msc
# Navigate to:
User Configuration → Administrative Templates → Windows Components → Windows Copilot
# Set:
Turn off Windows Copilot → Enabled
Hide Copilot Button from Taskbar
What it does: Removes the Copilot button from the taskbar UI surface only.
This is a presentation-level change that reduces accidental launches and visual clutter.
What to expect: Copilot may still exist in the OS depending on your build; this does not enforce
a policy disable. It’s best used when you want a cleaner taskbar without deeper system policy changes.
Script:
# Open Settings
Settings → Personalization → Taskbar
# Toggle Off:
Copilot (preview)
Disable Copilot in Microsoft Edge
What it does: Disables the Copilot entry point in Microsoft Edge’s sidebar.
This is independent from Windows Copilot and specifically targets the browser UI integration.
What to expect: Edge stops showing the Copilot button/entry point in the sidebar, but other AI features
or services in Edge may remain depending on your configuration and Microsoft account state.
Script:
Edge → Settings → Sidebar → Copilot → Disable “Show Copilot button”
Disable Copilot in Microsoft Office
What it does: Turns off Copilot integration within Office applications (where available),
preventing the UI feature from surfacing in supported apps such as Word, Excel, and Outlook.
What to expect: Availability depends on subscription/licensing and your Office build.
Disabling the toggle hides or disables the Copilot surface inside Office, but does not remove Office components.
Script:
Office → File → Options → Copilot → Uncheck “Enable Copilot”
Disable Background Apps
What it does: Disables background execution for Microsoft Store apps at the current user level.
This reduces persistent background activity that can include network requests, notifications, and telemetry.
What to expect: Some apps may update less frequently, sync less often, or delay notifications until opened.
If you rely on a specific app’s background functionality, consider leaving this enabled or managing per-app settings.
Script:
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" `
-Name "GlobalUserDisabled" -Value 1 -Type DWord -Force
Disable App Suggestions and Consumer Features
What it does: Disables Content Delivery Manager entries that are commonly linked with
suggested/promoted app content and consumer‑oriented recommendations. This reduces “recommended content”
behaviors that can feel like advertising inside the OS experience.
What to expect: Fewer suggested apps/tips/promotional items in certain Windows surfaces.
The exact effect can vary by region and build, but the goal is consistent: reduce consumer content injection.
Script:
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" `
-Name "SubscribedContent-338388Enabled" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" `
-Name "SubscribedContent-353694Enabled" -Value 0 -Type DWord -Force
Disable Activity History (Timeline)
What it does: Disables policy values controlling the Activity Feed and activity publishing/uploading.
This targets Windows features that can store activity history locally and/or sync it across devices (depending on configuration).
What to expect: Reduced activity history behavior and less cross-device activity sync potential.
Note that modern Windows has evolved Timeline over time, so visible UI impact may be smaller on recent builds,
but these policy values remain relevant as hardening controls.
Script:
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" `
-Name "EnableActivityFeed" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" `
-Name "PublishUserActivities" -Value 0 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows\System" `
-Name "UploadUserActivities" -Value 0 -Type DWord -Force
Disable Windows Error Reporting
What it does: Disables Windows Error Reporting at the machine level, which can reduce the sending of crash
and fault data to Microsoft. This targets the WER subsystem used for reporting application and OS faults.
What to expect: You may lose some automated “send report” workflows and certain troubleshooting conveniences.
In exchange, you reduce outbound diagnostic reporting related to crashes. For managed or privacy-focused systems,
this is a common hardening step.
Script:
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\Windows Error Reporting" `
-Name "Disabled" -Value 1 -Type DWord -Force
Important notice: This article and the included scripts are provided for educational and informational purposes only.
Any registry changes, policy edits, or PowerShell commands are applied at your own risk. Windows behavior can vary depending on
edition, build, and installed updates. The author does not take responsibility for data loss, system instability, update issues,
or other outcomes resulting from applying these changes. Always test on a non‑production system first, and ensure you have a full
backup or restore plan before proceeding.
Comments
Post a Comment