Windows Settings I never leave on Default

Configurare noua (How To)

Situatie

Windows has tons of settings buried between layers of menus that you ever touch. However, Windows isn’t set up for security by default, meaning there are several default settings you need to change.

Solutie

Telemetry

Windows telemetry is Microsoft’s way of collecting data about how you use your system. They claim to do it for improving the overall user experience, but I’m not comfortable with my computer constantly sending data about my app usage, system performance, and hardware configuration to Microsoft.

Thankfully, disabling it is quite simple. Follow these steps:

  1. Head over to Windows Settings and click the Privacy & security tab. Then, click Diagnostics & feedback
  2. Disable the Send optional diagnostic data setting
  3. As an added precaution, also click the Delete button under the Delete diagnostic data section to delete any data stored on Microsoft servers

Windows 11 diagnostic and feedback settings

Windows 11 settings app with privacy and security settings

Windows 11 diagnostic and feedback settings

Microsoft will still collect some data from your system, as you can’t disable telemetry completely on Windows Home editions without some under-the-hood tweaking. However, you can still reduce the amount of information your PC sends over, saving the CPU and memory resources spent on running the telemetry services in the background.

Advertising ID

Windows generates a unique advertising ID for each user, which app developers and ad networks use to track you across apps. This works a lot like browser cookies, allowing advertisers to serve you personalized ads based on your browsing or app usage history.

Follow these steps to disable this behavior:

  1. Head over to Windows Settings and click the Privacy & security tab. Then, click Recommendations & offers.
  2. Disable the Advertising ID slider.
  3. As an added precaution, disable all settings in this section except Show notifications in settings.
Windows 11 settings app with privacy and security settings
Windows 11 recommendations and offers settings
I also visit Microsoft’s Privacy Dashboard and disable interest-based advertising there. This ensures you’re not being tracked through other Microsoft services.

The location services on your PC aren’t as accurate as those on your phone, but they serve the same purpose. This setting is enabled by default and can expose sensitive information about your daily routine and habits. Even if you trust Microsoft with this data, any app on your system can potentially access this information.

Here’s how to disable location services on Windows:

  1. Head over to Windows Settings and click the Privacy & security tab. Then, click Location.
  2. Disable the Location services slider.
Windows 11 settings app with privacy and security settings
Windows 11 location settings

Remember that location services aren’t the same as GPS. Even the NSA recommends disabling it on your devices to limit location exposure risks.

Disabling location services on Windows will break some functionality, like automatic time zones and Find my device. If you need location services enabled, I recommend that you check the Let apps access your location section right below the location services setting to ensure only the required apps have access.

Microsoft has made it impossible to permanently disable automatic app and Windows updates. You can now only pause them for up to 5 weeks. Here’s how you can get some control back:

  1. Open Microsoft Store, click on your profile icon at the top-right. Click Settings from the menu that pops up.
  2. Disable the App updates slider.
Microsoft Store on Windows 11
Microsoft Store settings on Windows 11

Automatic updates are generally good for security, but Microsoft Store updates have been unreliable for me for as long as I’ve used it. For more permanent control, you can use the Group Policy editor on Pro or Enterprise editions of Windows.

Nothing’s more frustrating than Windows deciding to restart to install updates in the middle of your work. The default active hours go from 8 AM to 5 PM and don’t really suit my real-world usage patterns.

Here’s how to change them:

  1. Head over to Windows Settings and click the Windows Update section. Once there, click Advanced options.
  2. Change the Active hours setting to match your usage patterns.

You can set up to 18 hours of active time, which should match most people’s daily usage.

This is a more technical setting that’s often overlooked by most people. However, it’s important for security, especially if you work with custom fonts. Windows allows programs to load fonts from anywhere on your system, which can be exploited by hackers for privilege escalation attacks.

Unfortunately, changing this setting requires the Group Policy editor. If you don’t have a Pro or Enterprise edition of Windows, you can modify the registry to change this setting.

  1. Open the Registry Editor and go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\ registry subkey
  2. You should see a key named MitigationOptions. If it’s not present, right-click the empty space on the right and create a new QWORD (64-bit) and give it the same name.
  3. Update the Value data of the MitigationOptions key by double-clicking it. Use 1000000000000 to enable or 2000000000000 to disable the feature
Windows Registry Editor main screen
Windows registry editor key creation menu
Windows regisry editor key value edit menu

Windows will now block all untrusted fonts from loading and log any attempts to do so. Do keep in mind that enabling this feature can cause compatibility issues with some applications, in which case you’ll have to revert any changes for the program to work.

Unless you know how network sharing works on Windows and enable this feature by default, file and printer sharing should never be enabled on public networks.

Here’s how to disable file and printer sharing over public networks:

  1. Open Windows Settings and head over to Network & internet. Then, click Advanced network settings.
  2. Click Advanced sharing settings.
  3. Expand the Public network section and ensure Network discovery and File and printer sharing are disable
Windows 11 network and ethernet settings
Windows 11 advanced network settings
Windows 11 advacned network sharing settings

This is one of the most important settings to change when setting up a new Windows PC. If enabled on public networks, anyone can potentially access your shared files or printers.

Auto-Connect to Suggested Open Hotspots

Windows has a feature that automatically connects your laptop to open hotspots in public areas. Now, public Wi-Fi isn’t automatically insecure, but some mistakes make it dangerous. It’s also far from your only option to get online on the go, and there are much safer alternatives to public Wi-Fi available.

While Wi-Fi Sense has been discontinued in Windows 11, it might still connect to random open Wi-Fi networks from time to time. You can’t completely stop this from happening without modifying the registry, but you can protect your device by using randomized hardware addresses. Here’s how:

  1. Open Windows Settings and head over to Network & internet. Then, click Wi-Fi.
  2. Enable the Random hardware addresses slider.
  3. This makes it harder for people to track your device’s location as the hardware or MAC address of your Wi-Fi card remains the same across networks. By randomizing it, it becomes harder to tell whether the same device is connected to multiple networks.

Tip solutie

Permanent

Voteaza

Up Down
(3 din 8 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?