Dans notre monde numérique, la confidentialité et la sécurité des données sont devenues primordiales. La popularité croissante de Windows 10 s’accompagne d’inquiétudes quant à ses fonctionnalités de collecte de données. Pour les professionnels de l’informatique et les fournisseurs de services gérés (MSP), il est essentiel de comprendre et de contrôler ces fonctionnalités. Cet article présente un script PowerShell conçu pour activer ou désactiver les capacités de collecte de données de Windows 10.
Contexte
Windows 10, comme de nombreux systèmes d’exploitation modernes, intègre des fonctions de télémétrie et de collecte de données. Elles visent à améliorer l’expérience de l’utilisateur en collectant des données sur les habitudes d’utilisation, les erreurs, et bien plus. Toutefois, pour diverses raisons, notamment les préoccupations en matière de protection de la vie privée et de conformité réglementaire, les professionnels de l’informatique et les entreprises MSP doivent souvent contrôler ces fonctions. Le script fourni permet de gérer ces paramètres de manière simplifiée.
Le script
#Requires -Version 5.1
<#
.SYNOPSIS
Enables or Disabled Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.DESCRIPTION
Enables or Disabled Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
No Params needed to Disable Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
-Enable
Enables Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
PS C:> Set-Windows10KeyLogger.ps1
Disables Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
PS C:> Set-Windows10KeyLogger.ps1 -Enable
Enables Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.OUTPUTS
None
.NOTES
Minimum OS Architecture Supported: Windows 10
Release Notes:
Initial Release
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/fr/conditions-dutilisation
Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider.
Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
.COMPONENT
OSSecurity
#>
[CmdletBinding()]
param (
[Parameter()]
[Switch]
$Enable
)
begin {
function Test-IsElevated {
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$p = New-Object System.Security.Principal.WindowsPrincipal($id)
if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))
{ Write-Output $true }
else
{ Write-Output $false }
}
function Set-ItemProp {
param (
$Path,
$Name,
$Value,
[ValidateSet('DWord', 'QWord', 'String', 'ExpandedString', 'Binary', 'MultiString', 'Unknown')]
$PropertyType = 'DWord'
)
New-Item -Path $Path -Force | Out-Null
if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {
Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false | Out-Null
}
else {
New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false | Out-Null
}
}
$Type = "DWORD"
}
process {
if (-not (Test-IsElevated)) {
Write-Error -Message "Access Denied. Please run with Administrator privileges."
exit 1
}
$Value = if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) { 1 }else { 0 }
try {
@(
# Linguistic Data Collection
[PSCustomObject]@{
Path = "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesTextInput"
Name = "AllowLinguisticDataCollection"
}
# Advertising ID
[PSCustomObject]@{
Path = "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionAdvertisingInfo"
Name = "Enabled"
}
# Telemetry
[PSCustomObject]@{
Path = "HKLM:SOFTWAREPoliciesMicrosoftWindowsDataCollection"
Name = "AllowTelemetry"
}
) | ForEach-Object {
Set-ItemProp -Path $_.Path -Name $_.Name -Value $Value -PropertyType $Type
Write-Host "$($_.Path)$($_.Name) set to $(Get-ItemPropertyValue -Path $_.Path -Name $_.Name)"
}
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Write-Host "Enabling DiagTrack Services"
Get-Service -Name DiagTrack | Set-Service -StartupType Automatic | Start-Service
}
else {
Write-Host "Disabling DiagTrack Services"
Get-Service -Name DiagTrack | Set-Service -StartupType Disabled | Stop-Service
}
Write-Host "DiagTrack Service status: $(Get-Service -Name DiagTrack | Select-Object -Property Status -ExpandProperty Status)"
Write-Host "DiagTrack Service is set to: $(Get-Service -Name dmwappushservice | Select-Object -Property StartType -ExpandProperty StartType)"
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Get-Service -Name dmwappushservice | Set-Service -StartupType Manual
}
else {
Get-Service -Name dmwappushservice | Set-Service -StartupType Disabled | Stop-Service
}
Write-Host "dmwappushservice Service status: $(Get-Service -Name dmwappushservice | Select-Object -Property Status -ExpandProperty Status)"
Write-Host "dmwappushservice Service is set to: $(Get-Service -Name dmwappushservice | Select-Object -Property StartType -ExpandProperty StartType)"
$tasks = "SmartScreenSpecific", "ProgramDataUpdater", "Microsoft Compatibility Appraiser", "AitAgent", "Proxy", "Consolidator",
"KernelCeipTask", "BthSQM", "CreateObjectTask", "WinSAT", #"Microsoft-Windows-DiskDiagnosticDataCollector", # This is disabled by default
"GatherNetworkInfo", "FamilySafetyMonitor", "FamilySafetyRefresh", "SQM data sender", "OfficeTelemetryAgentFallBack",
"OfficeTelemetryAgentLogOn"
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Write-Host "Enabling telemetry scheduled tasks"
$tasks | ForEach-Object {
Write-Host "Enabling $_ Scheduled Task"
# Note: ErrorAction set to SilentlyContinue so as to skip over any missing tasks. Enable-ScheduledTask will still error if it can't be enabled.
Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Enable-ScheduledTask
$State = Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Select-Object State -ExpandProperty State
Write-Host "Scheduled Task: $_ is $State"
}
}
else {
Write-Host "Disabling telemetry scheduled tasks"
$tasks | ForEach-Object {
Write-Host "Disabling $_ Scheduled Task"
# Note: ErrorAction set to SilentlyContinue so as to skip over any missing tasks. Disable-ScheduledTask will still error if it can't be disabled.
Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Disable-ScheduledTask
$State = Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Select-Object State -ExpandProperty State
Write-Host "Scheduled Task: $_ is $State"
}
}
}
catch {
Write-Error $_
exit 1
}
gpupdate.exe /force
exit 0
}
end {}
|
#Requires -Version 5.1
<#
.SYNOPSIS
Enables or Disabled Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.DESCRIPTION
Enables or Disabled Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
No Params needed to Disable Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
-Enable
Enables Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
PS C:> Set-Windows10KeyLogger.ps1
Disables Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.EXAMPLE
PS C:> Set-Windows10KeyLogger.ps1 -Enable
Enables Windows 10 Linguistic Data Collection, Advertising ID, and Telemetry
.OUTPUTS
None
.NOTES
Minimum OS Architecture Supported: Windows 10
Release Notes:
Initial Release
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider.
Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
.COMPONENT
OSSecurity
#>
[CmdletBinding()]
param (
[Parameter()]
[Switch]
$Enable
)
begin {
function Test-IsElevated {
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$p = New-Object System.Security.Principal.WindowsPrincipal($id)
if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))
{ Write-Output $true }
else
{ Write-Output $false }
}
function Set-ItemProp {
param (
$Path,
$Name,
$Value,
[ValidateSet('DWord', 'QWord', 'String', 'ExpandedString', 'Binary', 'MultiString', 'Unknown')]
$PropertyType = 'DWord'
)
New-Item -Path $Path -Force | Out-Null
if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {
Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false | Out-Null
}
else {
New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false | Out-Null
}
}
$Type = "DWORD"
}
process {
if (-not (Test-IsElevated)) {
Write-Error -Message "Access Denied. Please run with Administrator privileges."
exit 1
}
$Value = if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) { 1 }else { 0 }
try {
@(
# Linguistic Data Collection
[PSCustomObject]@{
Path = "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesTextInput"
Name = "AllowLinguisticDataCollection"
}
# Advertising ID
[PSCustomObject]@{
Path = "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionAdvertisingInfo"
Name = "Enabled"
}
# Telemetry
[PSCustomObject]@{
Path = "HKLM:SOFTWAREPoliciesMicrosoftWindowsDataCollection"
Name = "AllowTelemetry"
}
) | ForEach-Object {
Set-ItemProp -Path $_.Path -Name $_.Name -Value $Value -PropertyType $Type
Write-Host "$($_.Path)$($_.Name) set to $(Get-ItemPropertyValue -Path $_.Path -Name $_.Name)"
}
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Write-Host "Enabling DiagTrack Services"
Get-Service -Name DiagTrack | Set-Service -StartupType Automatic | Start-Service
}
else {
Write-Host "Disabling DiagTrack Services"
Get-Service -Name DiagTrack | Set-Service -StartupType Disabled | Stop-Service
}
Write-Host "DiagTrack Service status: $(Get-Service -Name DiagTrack | Select-Object -Property Status -ExpandProperty Status)"
Write-Host "DiagTrack Service is set to: $(Get-Service -Name dmwappushservice | Select-Object -Property StartType -ExpandProperty StartType)"
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Get-Service -Name dmwappushservice | Set-Service -StartupType Manual
}
else {
Get-Service -Name dmwappushservice | Set-Service -StartupType Disabled | Stop-Service
}
Write-Host "dmwappushservice Service status: $(Get-Service -Name dmwappushservice | Select-Object -Property Status -ExpandProperty Status)"
Write-Host "dmwappushservice Service is set to: $(Get-Service -Name dmwappushservice | Select-Object -Property StartType -ExpandProperty StartType)"
$tasks = "SmartScreenSpecific", "ProgramDataUpdater", "Microsoft Compatibility Appraiser", "AitAgent", "Proxy", "Consolidator",
"KernelCeipTask", "BthSQM", "CreateObjectTask", "WinSAT", #"Microsoft-Windows-DiskDiagnosticDataCollector", # This is disabled by default
"GatherNetworkInfo", "FamilySafetyMonitor", "FamilySafetyRefresh", "SQM data sender", "OfficeTelemetryAgentFallBack",
"OfficeTelemetryAgentLogOn"
if ($PSBoundParameters.ContainsKey("Enable") -and $Enable) {
Write-Host "Enabling telemetry scheduled tasks"
$tasks | ForEach-Object {
Write-Host "Enabling $_ Scheduled Task"
# Note: ErrorAction set to SilentlyContinue so as to skip over any missing tasks. Enable-ScheduledTask will still error if it can't be enabled.
Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Enable-ScheduledTask
$State = Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Select-Object State -ExpandProperty State
Write-Host "Scheduled Task: $_ is $State"
}
}
else {
Write-Host "Disabling telemetry scheduled tasks"
$tasks | ForEach-Object {
Write-Host "Disabling $_ Scheduled Task"
# Note: ErrorAction set to SilentlyContinue so as to skip over any missing tasks. Disable-ScheduledTask will still error if it can't be disabled.
Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Disable-ScheduledTask
$State = Get-ScheduledTask -TaskName $_ -ErrorAction SilentlyContinue | Select-Object State -ExpandProperty State
Write-Host "Scheduled Task: $_ is $State"
}
}
}
catch {
Write-Error $_
exit 1
}
gpupdate.exe /force
exit 0
}
end {}
Accédez à plus de 700 scripts dans le Dojo NinjaOne
Résumé détaillé
Le script est un cmdlet PowerShell qui permet d’activer la collecte de données linguistiques, l’identification publicitaire et la télémétrie de Windows 10. Voici une description étape par étape :
- Prérequis : Le script nécessite la version 5.1 de PowerShell.
- Paramètres : Le script accepte un commutateur optionnel -Enable. S’il est fourni, il active les fonctions de collecte de données; sinon, il les désactive.
- Fonctions :
- Test-IsElevated : Vérifie si le script est exécuté avec des privilèges d’administrateur.
- Set-ItemProp : Définit ou crée une valeur de clé de registre.
- Processus :
- Tout d’abord, le script vérifie l’existence de privilèges d’administrateur. S’il n’y en a pas, il s’arrête.
- Il détermine ensuite s’il faut activer ou désactiver les fonctionnalités en fonction du commutateur -Enable.
- Le script modifie des clés de registre spécifiques correspondant à la collecte de données linguistiques, à l’identifiant publicitaire et à la télémétrie.
- Il gère également les services DiagTrack et dmwappushservice, qui sont liés à la télémétrie.
- Enfin, il active diverses tâches planifiées liées à la télémétrie.
- Exécution : Le script se termine par une mise à jour forcée de la stratégie de groupe (GPO).
Cas d’utilisation potentiels
Imaginez qu’un fournisseur de services informatiques (MSP) gère l’informatique d’un prestataire de soins de santé. En raison de la réglementation HIPAA, ils doivent veiller à ce que les fuites de données soient minimales. À l’aide de ce script, l’entreprise MSP peut rapidement désactiver toutes les fonctions de collecte de données sur toutes les machines Windows 10 du réseau, garantissant ainsi la conformité et améliorant la confidentialité des données des patients.
Comparaisons
Bien qu’il existe des outils basés sur une interface graphique et des méthodes manuelles pour basculer ces paramètres, ce script offre une solution plus efficace, reproductible et évolutive. Les méthodes manuelles peuvent prendre du temps et être sujettes à des erreurs, en particulier sur plusieurs machines. Les outils d’interface graphique peuvent ne pas offrir la précision ou les capacités d’automatisation d’un script PowerShell.
FAQ
- Puis-je exécuter ce script sur d’anciennes versions de Windows ?
Non, ce script est conçu spécifiquement pour Windows 10. - Ai-je besoin de privilèges d’administrateur pour exécuter le script ?
Oui, le script nécessite des droits d’administrateur pour modifier les clés de registre et gérer les services.
Implications
L’utilisation de ce script peut améliorer considérablement la confidentialité des données, en particulier dans les secteurs soumis à des réglementations strictes. Cependant, la désactivation de certaines caractéristiques peut limiter certaines fonctionnalités ou mécanismes de retour d’information dans Windows 10. Les professionnels de l’informatique doivent évaluer les avantages par rapport aux limites potentielles.
Recommandations
- Sauvegardez toujours les paramètres du registre avant de les modifier.
- Testez le script dans un environnement contrôlé avant de le déployer à grande échelle.
- Révisez et mettez à jour régulièrement les scripts afin de prendre en compte les changements apportés par les futures mises à jour de Windows 10.
Conclusions
Pour les professionnels de l’informatique et les MSP, des outils tels que NinjaOne peuvent s’avérer inestimables pour la gestion et la surveillance des environnements informatiques. Associés à des scripts tels que celui présenté ici, ils peuvent garantir une infrastructure informatique sûre, conforme et efficace. Au fur et à mesure que les fonctionnalités de collecte de données de Windows 10 évoluent, il sera essentiel de disposer d’un ensemble d’outils et d’une base de connaissances solides.
