Added reduced telemetry policies (#510)

Added reduced telemetry policies to the Miscellaneous Category in the Harden Windows Security module. They are a sub-category and include the following policies: #510

Harden-Windows-Security Module/Main files/C#/GUI/Protection/EventHandlers.cs

@@ -671,6 +671,11 @@ await Task.Run(() =>
 											   MiscellaneousConfigurations.MiscellaneousConfigurations_StrongKeyProtection();
 										   }
 
+										   if (SelectedSubCategories.Contains("MiscellaneousConfigurations_ReducedTelemetry"))
+										   {
+											   MiscellaneousConfigurations.MiscellaneousConfigurations_ReducedTelemetry();
+										   }
+
 										   break;
 									   }
 								   case "WindowsUpdateConfigurations":

Harden-Windows-Security Module/Main files/C#/GUI/Protection/Variables.cs

@@ -46,7 +46,7 @@ public static partial class GUIProtectWinSecurity
 				{ "UserAccountControl", new string[] { "UAC_NoFastSwitching", "UAC_OnlyElevateSigned" } },
 				{ "WindowsNetworking", new string[] { "WindowsNetworking_BlockNTLM" } },
 				{ "TLSSecurity", new string[] { "TLSSecurity_BattleNetClient" } },
-				{ "MiscellaneousConfigurations", new string[] { "Miscellaneous_WindowsProtectedPrint", "MiscellaneousConfigurations_LongPathSupport", "MiscellaneousConfigurations_StrongKeyProtection" } },
+				{ "MiscellaneousConfigurations", new string[] { "Miscellaneous_WindowsProtectedPrint", "MiscellaneousConfigurations_LongPathSupport", "MiscellaneousConfigurations_StrongKeyProtection", "MiscellaneousConfigurations_ReducedTelemetry" } },
 				{ "DeviceGuard", new string[] { "DeviceGuard_MandatoryVBS" } },
 				{ "CountryIPBlocking", new string[] { "CountryIPBlocking_OFAC" } },
 				{ "DownloadsDefenseMeasures", new string[] { "DangerousScriptHostsBlocking" } }

Harden-Windows-Security Module/Main files/C#/Protect Methods/MiscellaneousConfigurations_ReducedTelemetry.cs

@@ -0,0 +1,17 @@
+using System.IO;
+
+namespace HardenWindowsSecurity;
+
+public static partial class MiscellaneousConfigurations
+{
+	/// <summary>
+	/// This sub-category applies the reduced telemetry policies on the system
+	/// </summary>
+	public static void MiscellaneousConfigurations_ReducedTelemetry()
+	{
+		Logger.LogMessage("Applying the Reduced Telemetry policies", LogTypeIntel.Information);
+
+		LGPORunner.RunLGPOCommand(Path.Combine(GlobalVars.path, "Resources", "Security-Baselines-X", "Miscellaneous Policies", "Reduced Telemetry", "registry.pol"), LGPORunner.FileType.POL);
+
+	}
+}

Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1

@@ -86,7 +86,7 @@ Function Protect-WindowsSecurity {
             Invoke-Command -ScriptBlock $DynParamCreatorSubCategories -ArgumentList 'WindowsNetworking_BlockNTLM'
         }
         if ('MiscellaneousConfigurations' -in $PSBoundParameters['Categories']) {
-            'Miscellaneous_WindowsProtectedPrint', 'MiscellaneousConfigurations_LongPathSupport', 'MiscellaneousConfigurations_StrongKeyProtection' | ForEach-Object -Process { Invoke-Command -ScriptBlock $DynParamCreatorSubCategories -ArgumentList $_ }
+            'Miscellaneous_WindowsProtectedPrint', 'MiscellaneousConfigurations_LongPathSupport', 'MiscellaneousConfigurations_StrongKeyProtection' , 'MiscellaneousConfigurations_ReducedTelemetry' | ForEach-Object -Process { Invoke-Command -ScriptBlock $DynParamCreatorSubCategories -ArgumentList $_ }
         }
         if ('CountryIPBlocking' -in $PSBoundParameters['Categories']) {
             Invoke-Command -ScriptBlock $DynParamCreatorSubCategories -ArgumentList 'CountryIPBlocking_OFAC'
@@ -280,7 +280,7 @@ Function Protect-WindowsSecurity {
         'MSFTDefender_BetaChannels', 'LockScreen_CtrlAltDel', 'LockScreen_NoLastSignedIn', 'UAC_NoFastSwitching',
         'UAC_OnlyElevateSigned', 'WindowsNetworking_BlockNTLM', 'Miscellaneous_WindowsProtectedPrint', 'CountryIPBlocking_OFAC',
         'PathToLGPO', 'PathToMSFT365AppsSecurityBaselines', 'PathToMSFTSecurityBaselines', 'DangerousScriptHostsBlocking',
-        'MiscellaneousConfigurations_LongPathSupport', 'DeviceGuard_MandatoryVBS', 'MiscellaneousConfigurations_StrongKeyProtection') | ForEach-Object -Process {
+        'MiscellaneousConfigurations_LongPathSupport', 'DeviceGuard_MandatoryVBS', 'MiscellaneousConfigurations_StrongKeyProtection', 'MiscellaneousConfigurations_ReducedTelemetry') | ForEach-Object -Process {
             New-Variable -Name $_ -Value $($PSBoundParameters[$_]) -Force
         }
         # Set the default value for LogPath to the current working directory if not specified
@@ -472,6 +472,7 @@ Function Protect-WindowsSecurity {
     MiscellaneousConfigurations_LongPathSupport -> Enables support for long paths for applications
     DeviceGuard_MandatoryVBS -> Enforces VBS and Memory Integrity in Mandatory mode
     MiscellaneousConfigurations_StrongKeyProtection -> System cryptography: Force strong key protection for user keys stored on the computer
+    MiscellaneousConfigurations_ReducedTelemetry -> Applies the policies that reduce the telemetry in the OS. See the Readme for more info.
 
     Each of the switch parameters above will be dynamically generated based on the categories you choose.
     For example, if you choose to run the Microsoft Security Baselines category, the SecBaselines_NoOverrides switch parameter will be generated and you can use it to apply the Microsoft Security Baselines without the optional overrides.

Harden-Windows-Security Module/Main files/Resources/XAML/Protect.xaml

@@ -229,6 +229,9 @@
                                                 <ListViewItem ToolTipService.InitialShowDelay="1000" ToolTip="System cryptography: Force strong key protection for user keys stored on the computer">
                                                     <CheckBox x:Name="MiscellaneousConfigurations_StrongKeyProtection" Content="Force strong key protection" VerticalContentAlignment="Center" Padding="10,10,40,10" Template="{StaticResource CustomCheckBoxTemplate}"/>
                                                 </ListViewItem>
+                                                <ListViewItem ToolTipService.InitialShowDelay="1000" ToolTip="Applies the policies that reduce the telemetry in the OS">
+                                                    <CheckBox x:Name="MiscellaneousConfigurations_ReducedTelemetry" Content="Reduced Telemetry" VerticalContentAlignment="Center" Padding="10,10,40,10" Template="{StaticResource CustomCheckBoxTemplate}"/>
+                                                </ListViewItem>
                                                 <ListViewItem ToolTipService.InitialShowDelay="1000" ToolTip="Blocks OFAC sanctioned countries' IPs in Firewall.">
                                                     <CheckBox x:Name="CountryIPBlocking_OFAC" Content="Block OFAC Sanctions Countries" VerticalContentAlignment="Center" Padding="10,10,40,10" Template="{StaticResource CustomCheckBoxTemplate}"/>
                                                 </ListViewItem>

Harden-Windows-Security Module/Main files/Shared/HardeningFunctions.ps1

@@ -319,6 +319,12 @@ Function Invoke-MiscellaneousConfigurations {
                 } 'No' { break MiscellaneousConfigurations_StrongKeyProtection }
                 'Exit' { break MainSwitchLabel }
             }
+            :MiscellaneousConfigurations_ReducedTelemetry switch ($RunUnattended ? ($MiscellaneousConfigurations_ReducedTelemetry ? 'Yes' : 'No') : (Select-Option -SubCategory -Options 'Yes', 'No', 'Exit' -Message "`nApply policies that reduce telemetry in the OS ?" -ExtraMessage 'Read the GitHub Readme!')) {
+                'Yes' {
+                    [HardenWindowsSecurity.MiscellaneousConfigurations]::MiscellaneousConfigurations_ReducedTelemetry()
+                } 'No' { break MiscellaneousConfigurations_ReducedTelemetry }
+                'Exit' { break MainSwitchLabel }
+            }
         } 'No' { break MiscellaneousLabel }
         'Exit' { break MainSwitchLabel }
     }

README.md

@@ -1253,6 +1253,38 @@ NistP384
 
 - <img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif" width="25" alt="Blue Check mark denoting Group Policy"> <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/discord-verify-gradient.gif" width="25" alt="Rotating green checkmark denoting Subcategory"> [Force strong key protection](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer) for user keys stored on the computer. User is prompted when the key is first used.
 
+<br>
+
+- <img src="https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/images/Gifs/bluemark.gif" width="25" alt="Blue Check mark denoting Group Policy"> <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/discord-verify-gradient.gif" width="25" alt="Rotating green checkmark denoting Subcategory"> Reduced Telemetry. This sub-category applies all of the policies mentioned below. They do not have any effect on security.
+
+   * Disable Online Tips. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#allowonlinetips)
+
+   * Disable Find My Device feature. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#allowfindmydevice)
+
+   * Disable Automatic Update of Speech Data. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#allowspeechmodelupdate)
+
+   * Turn off the advertising ID. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#disableadvertisingid)
+
+   * Turn off cloud optimized content. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#disablecloudoptimizedcontent)
+
+   * Do not show Windows tips. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#allowwindowstips)
+
+   * Do not show feedback notifications. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#donotshowfeedbacknotifications)
+
+   * Turn off Automatic Download and Update of Map Data. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#enableofflinemapsautoupdate)
+
+   * Disable Message Service Cloud Sync for cellular text messages. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-messaging#allowmessagesync)
+
+   * Disable support for web-to-app linking with app URI handlers. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#enableappurihandlers)
+
+   * Disable "Continue experiences on this device" feature. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-grouppolicy#enablecdp)
+
+   * Disable Font Providers. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#allowfontproviders)
+
+   * Don't search the web or display web results in Search. <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/green-verification.gif" width="15" alt="Rotating green checkmark denoting CSP"> [CSP](https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#donotusewebresults)
+
+   * Do not allow web search. [More Info](https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-cortana-and-search-group-policies)
+
 <p align="right"><a href="#menu-back-to-top">💡 (back to categories)</a></p>
 
 <br>