Key Points
- Limit telemetry in Settings or Group Policy (AllowTelemetry), then use Delete diagnostic data or a PowerShell script that stops DiagTrack and removes cached telemetry files.
- Telemetry logs are cached in C:\ProgramData\Microsoft\Diagnosis\ and C:\Windows\System32\LogFiles\WMI\RtBackup\, which are key paths for cleanup and compliance validation.
- Schedule PowerShell scripts and enforce policy via RMM to centrally delete diagnostic data while preserving critical logs for audits and incident response.
When you delete diagnostic data in Windows 11, you must protect user privacy, meet compliance requirements, and retain logs for troubleshooting, updates, and incident response. Striking that balance is even harder when you manage countless endpoints across different Windows editions.
This walkthrough covers what diagnostic data is, where Windows 11 stores it, how to reduce future collection, and how to safely delete existing telemetry using built-in tools, policy, registry changes, and PowerShell automation.
What is diagnostic data in Windows 11?
Diagnostic data, often referred to as telemetry, includes information Windows sends to Microsoft to support reliability, security, and servicing. That data can include crash reports, device configuration details, and usage signals tied to system components.
In Windows 11, Microsoft groups telemetry into Required and Optional diagnostic data. Required data supports core functionality such as Windows Update, device security, and basic reliability. Optional data, on the other hand, includes more detailed usage and diagnostic signals.
On managed editions, you can control these settings through policy. On Home editions, control can be limited and often requires registry changes to achieve similar results. That said, understanding what Windows collects and why can help you decide what to limit and what to retain so you don’t remove information your team may need later.
Where Windows 11 stores diagnostic data
Before uploading, Windows first caches diagnostic data locally. Knowing where that data lives can make it easier to verify settings, script cleanups, and confirm removal.
Common locations include:
- C:\ProgramData\Microsoft\Diagnosis\DownloadedLogs.etl
- C:\ProgramData\Microsoft\Diagnosis\ETLLogs\
- C:\Windows\System32\LogFiles\WMI\RtBackup\
Not every system uses all locations, though, and paths can vary by build and installed features. For example, Pro and Enterprise editions honor Group Policy and MDM settings, while Home editions rely on settings and registry keys. Understanding this difference is important when planning a bulk cleanup.
Configuring diagnostic data and telemetry levels
Make sure you limit future data collection before deleting what’s already stored. If you don’t, Windows will simply recreate the same files after cleanup.
Windows 11: Disable telemetry using Settings
For individual systems, start in Settings > Privacy & security > Diagnostics & feedback. Set diagnostic data to the lowest level supported by the edition. Turn off optional diagnostic data, adjust the feedback frequency, and disable inking and typing personalization if they aren’t required.
These changes reduce the amount of data Windows collects, particularly on Home and Pro editions. They don’t remove all telemetry, but they narrow the scope and make cleanup easier to validate.
Managing diagnostic data with Group Policy
On Pro, Enterprise, and Education editions, Group Policy lets you enforce the same telemetry settings across all devices instead of configuring them one by one.
Navigate to:
- “Computer Configuration”
- Click on “Administrative Templates”
- Open “Windows Components”
- Select “Data Collection and Preview Builds”
- Set “Allow Diagnostic Data (AllowTelemetry)” to the lowest supported value:
- 0 (Off) for Enterprise/Education
- 1 (Required) for Pro
Apply the policy via Active Directory or MDM, and let it propagate. Establishing policy first will prevent configuration drift and ensure cleanup actions don’t conflict with future collection.
How to delete diagnostic data in Windows 11
Once you’ve limited what Windows collects going forward, you can clean up the data that’s already stored on disk. The key is to start with supported tools, then move to scripts only when you need deeper or repeatable cleanup.
Deleting diagnostic data using built-in Windows tools
For a quick and supported cleanup, start with the Settings app. On the device, go to Settings > Privacy & security > Diagnostics & feedback, then select Delete under Delete diagnostic data.
This clears diagnostic data Windows has cached locally and plans to upload later. It won’t remove every telemetry-related file on the system, but it’s a safe first step and an easy way to confirm that your policy and Settings changes are actually taking effect.
Use this method when you’re validating configuration changes or cleaning up individual devices.
Removing diagnostic data manually or with scripts
When you need more control, scripting gives you a predictable way to remove known telemetry files.
Most Windows telemetry is handled by the Connected User Experiences and Telemetry service (DiagTrack). The general approach is straightforward: stop the service, remove the files Windows uses for telemetry caching, then restart the service so normal operations continue.
Stop-Service -Name DiagTrack -ErrorAction SilentlyContinue
Remove-Item “C:\ProgramData\Microsoft\Diagnosis\*.etl” -Force -ErrorAction SilentlyContinue
Remove-Item “C:\ProgramData\Microsoft\Diagnosis\ETLLogs\*” -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item “C:\Windows\System32\LogFiles\WMI\RtBackup\*” -Force -ErrorAction SilentlyContinue
Start-Service -Name DiagTrack -ErrorAction SilentlyContinue
Wrap this logic in a PowerShell script with basic error handling and logging so you know exactly what ran and where. Always test on a small pilot group first, especially if devices are enrolled in Intune or subject to compliance policies that depend on telemetry signals.
Managing risk while deleting diagnostic data
Some diagnostic data is useful when things go wrong. Crash dumps, event logs, and trace files can be critical during incident response or root-cause analysis.
Before you remove anything, decide what you want to keep. Back up recent crash dumps, export event logs tied to active investigations, and document what gets deleted. Logging cleanup actions with timestamps and device names makes audits easier and helps you avoid guesswork later.
After cleanup, keep an eye on Windows Update behavior and device health indicators. Testing changes on a pilot group first helps you catch side effects before they reach production.
Delete diagnostic data at scale using automation
Manual cleanup only works up to a point. If you need to delete diagnostic data across many devices, you’ll want scripted PowerShell cleanups scheduled through Task Scheduler and triggered or monitored through your RMM, with logs captured for audit proof.
Clear Windows telemetry data with PowerShell
A reusable PowerShell function lets you apply the same cleanup logic across devices and record what happened.
function Clear-TelemetryData {
$edition = (Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion”).EditionID
Stop-Service DiagTrack -ErrorAction SilentlyContinue
Remove-Item “C:\ProgramData\Microsoft\Diagnosis\*.etl” -Force -ErrorAction SilentlyContinue
Remove-Item “C:\Windows\System32\LogFiles\WMI\RtBackup\*” -Force -ErrorAction SilentlyContinue
Start-Service DiagTrack -ErrorAction SilentlyContinue
Add-Content “C:\Logs\TelemetryCleanup.log” “$(Get-Date) – Cleared telemetry on $env:COMPUTERNAME ($edition)”
}
Schedule this to run after patch windows or trigger it through your RMM as part of routine maintenance. Keeping it idempotent means reruns won’t cause failures or unexpected behavior.
Preserve critical diagnostic data
Automation should remove what you don’t need without deleting evidence you might rely on later. Add pre-cleanup steps to archive memory dumps and event logs to secure storage, with retention aligned to your compliance requirements.
If telemetry settings tend to drift, include a quick check for policy values under HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection before running cleanup. Correcting settings first will prevent Windows from increasing collection levels again after files are removed.
Balancing privacy and stability
Deleting diagnostic data in Windows 11 works best as a two-step process: limit future collection first, then remove what’s already stored. Combining Settings, Group Policy, or registry controls with scripted cleanup gives you predictable results without breaking updates or support workflows.
With a consistent approach, you can reduce stored telemetry, keep the logs that matter, and satisfy audit and privacy requirements without adding operational risk.
Simplify telemetry management across your fleet
NinjaOne brings endpoint management, monitoring, patching, and automation into one platform. You can enforce telemetry policy, schedule cleanup jobs, collect logs, and document actions without stitching together separate tools.
Try NinjaOne free to see how centralized IT management makes telemetry controls easier to maintain across multiple Windows environments.
