Disassembler0 / Win10-Initial-Setup-Script

PowerShell script for automation of routine tasks done after fresh installations of Windows 10 / Server 2016 / Server 2019
MIT License

DisableWebSearch doesn't work on 2004 #300

Open Disassembler0 opened 4 years ago

Disassembler0 commented 4 years ago

Microsoft has broken all GPOs and settings related to disabling Bing Search in Start Menu in 2004.

The best workaround currently is to set

If (!(Test-Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer")) {
    New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null
}
Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableSearchBoxSuggestions" -Type DWord -Value 1

however that disables searching also for recent entries and possibly has some other side effects.

This issue is slightly related to #262, where Microsoft managed to break web search settings in a different way.

mariobesen commented 4 years ago

Heyo,

To disable web search in Windows May 2020 Update (build 19041, version 2004) you must set DWORD "ConnectedSearchUseWeb" to value '0' under: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

[image]

DisableWebSearch isn't respected and doesn't have to be set for this to work.

GPO: "Don't search the web or display web results in search" under Computer Configuration\Administrative Templates\Windows Components\search\

Disassembler0 commented 4 years ago

@mariobesen: I'm unable to replicate that. Are there any more keys/settings outside the script you have applied? Moreover, the "Don't search the web or display web results in search" GPO sets the DisableWebSearch registry key. The ConnectedSearchUseWeb is AFAIK obsolete since ~1803.

From what I have tried, none of the following (or any combination thereof) work:

Activity history setting has also no effect.

mariobesen commented 4 years ago

@Disassembler0 Hm, that's interesting.

This is the default state where web search works. [image]

When I enable "Do not allow web search" policy it is not respected although "DisableWebSearch" DWORD is set to 0. [image]

But, if I set "Don't search the web or display web results in Search" alongside first policy, it seems like it works: [image]

This is on build 19041.207, Enterprise SKU.

Disassembler0 commented 4 years ago

> This is on build 19041.207, Enterprise SKU.

Yeah, that's it. :/ Just tried it on Enterprise and it works there. On Home and Pro it doesn't.

Kein commented 4 years ago

Not broken, works as intended :) Microsoft need that sweet-sweet telemetry and private data.

navossoc commented 4 years ago

Any luck disabling the search on Windows Pro?

rnc commented 4 years ago

Does https://superuser.com/questions/1510739/how-to-get-rid-of-windows-10-search-web-results-triggered-from-the-start-menu help? It seems setting DisableSearchBoxSuggestions DWORD32 value in HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer to 1 does seem to work for me (Win 10 Home Version 10.0.19041 Build 19041 in a VM)

navossoc commented 4 years ago

@rnc Not really, the searches are still being done in the background. It just doesn't show the results on the start menu.

Sad shit?

rnc commented 4 years ago

@navossoc Ok, but at least that is less confusing to users. I wonder if the search could be blocked by the firewall?

navossoc commented 4 years ago

@rnc No idea, but this is definitely something I want to look into. I don't want a keylogger on my start menu.

Kein commented 4 years ago

> I wonder if the search could be blocked by the firewall?

Yes and no. The rule is straightforward and you can block Search.exe which is what goes into the outer network when you type something in search. However, knowing Microsoft and their unquenchable greed for your private data, telemetry and analytics - I wouldn't be surprised if some other service, that claims to be essential, mirrors the ability to upload your search/typed data. This brings us to the fact that Microsoft (intentionally?) shipped a broken Firewall which can't distinguish different services from each other (all native Win services are being run through the svchost container) which means you can't block a specific service even if you find it - you have to block them all.

If you can live with that then this is the best solution, you gonna need to download updates manually, though, and whitelist the apps/programs you want to use.

(Albeit, I saw a claim that even when you are in total block mode via WFP (Windows Filtering Platform, this is what Windows Firewall runs on) with EVERYTHING explicitly blocked, there is still some network activity towards MS server/endpoints. It would be super bizarre but I can't say I'd be surprised if there are some hard-coded (at the platform code level) exceptions or even telemetry functionality right in the kernel. This isn't confirmed tho, I didn't have time nor currently any means to test it)

Kein commented 4 years ago

This is not enough, because after an update Windows 10 will reset most of the rules MS thinks they should "manage themselves". These resets will re-enable blocked rules or re-add some deleted. What you need is to set up a Task and rework the script to run on boot and iterate all rules and see if required rules that were set to block are now either set to allow or also duplicated with allowance mode for the same EXE/package and then purge the restored. Otherwise you will end up believing you are done when in reality it was silently set to allowed and you were oblivious.

Kein commented 4 years ago

> Are you talking about a "KB update" (if so, it's not correct). KB updates do not touch any firewall rules.

It is correct, I observed such behavior many times (just had a recent one with Cortana being restored in rules) and so have multiple people. There is a whole thread dedicated to custom solutions to prevent this, for example here. I myself, when I get a chance and free time, plan to write a simple wrapper that will monitor rules integrity and report on any unsolicited changes (this will also allow me to get more in-depth stats when this happens and to which degree).

> If you talk about an In-place upgrade or Firewall reset then there is less you can do except backup the rules and re-import them.

No, I'm not talking about a whole reset of rules, I'm talking about some specific rules being restored and/or re-enabled to their "desired state" (desired to MS). This often happens when you install some App from Store or install an Update. Most prominent are Search, Cortana, Diagnostics Services (telemetry), Edge, and so on.

> Messing with firewall rules requires admin rights

Windows Updates run at elevated rights (in this case it is TI), and so do MS apps from the Store; almost all ask for it as well (Edge, PowerShell, Windows Terminal installations, etc).

> The best solution is that we report this to MS so that they fix it,

Report what exactly? "Hello Microsoft, I've installed Cumulative Update for June and Cortana rules I specifically disabled and deleted in Windows Firewall are magically back again. Surely, you didn't intend to, could you please don't do this, despite the fact you were doing for the whole lifespan of Windows 10?" I'm not sure if you are honestly expecting any meaningful response and not being ignored. And the core issue with rules not being applied to services existed since Windows 8.1. That's like, what, 8-9 years? If they actually wanted to fix it they'd do that already.
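An added example (not code from this thread or from the Win10-Initial-Setup-Script project) of the boot-time check and rule-integrity monitor described in the two comments above: it snapshots the enabled block rules, then reports any that were later deleted, disabled, changed, or joined by an enabled allow rule for the same program or package. The `-Snapshot` switch, the `$BaselinePath` default and the finding names are assumptions made for illustration; the script only reports and changes no rules.

```powershell
# Added example: report drift in firewall block rules against a saved baseline.
param(
    [switch]$Snapshot,   # assumed switch name: write the baseline instead of checking
    [string]$BaselinePath = "$env:ProgramData\FwBaseline\block-rules.json"   # assumed path
)
function Get-RuleView {
    # Join every rule to its application filter (program path / package SID).
    $apps = @{}
    Get-NetFirewallApplicationFilter | ForEach-Object { $apps[$_.InstanceID] = $_ }
    Get-NetFirewallRule | ForEach-Object {
        $f = $apps[$_.InstanceID]
        [pscustomobject]@{
            Name = $_.Name; Direction = "$($_.Direction)"; Action = "$($_.Action)"
            Enabled = ("$($_.Enabled)" -eq 'True'); Program = $f.Program; Package = $f.Package
        }
    }
}
function New-Finding($Kind, $Rule, $Other) {
    [pscustomobject]@{ Finding = $Kind; Rule = $Rule.Name; Program = $Rule.Program; Related = $Other }
}

$current = @(Get-RuleView)
if ($Snapshot) {
    # Record the enabled block rules that are expected to stay in place.
    New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
    $current | Where-Object { $_.Enabled -and $_.Action -eq 'Block' } |
        ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    return
}

$byName = @{}
$current | ForEach-Object { $byName[$_.Name] = $_ }
$baseline = Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json
$findings = foreach ($b in $baseline) {
    $now = $byName[$b.Name]
    if (-not $now)                   { New-Finding 'Deleted' $b }
    elseif (-not $now.Enabled)       { New-Finding 'Disabled' $b }
    elseif ($now.Action -ne 'Block') { New-Finding 'ActionChanged' $b }
    # Enabled allow rules in the same direction for the same program or package.
    $current | Where-Object {
        $_.Enabled -and $_.Action -eq 'Allow' -and $_.Direction -eq $b.Direction -and
        (($b.Program -and $b.Program -ne 'Any' -and $_.Program -eq $b.Program) -or
         ($b.Package -and $_.Package -eq $b.Package))
    } | ForEach-Object { New-Finding 'AllowForSameTarget' $b $_.Name }
}
$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit lets a scheduled task flag the drift
```

Run it once with `-Snapshot` after setting the block rules, then without arguments from a startup scheduled task; the baseline file should be writable only by administrators so that it cannot be silently edited.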

Kein commented 4 years ago

> However, you still did not provide any evidence

Never had any intention because to provide such evidence I'd need to have a special test box and monitor it and collect stats and data and snapshots. I just shared some of the knowledge I had so anyone, if interested, can a priori mitigate the issue. You don't have to do anything if you don't want to. That being said, once I finish the watchdog I will have some stats, probably share them somewhere in 2021.

> For example that GPO behaves differently on Pro versions than Enterprise versions.

Not sure what that has to do with Firewall Rules, I thought we were talking in that context.

> I also do not think that this is a big problem for most power users here because most of "us" uninstall Cortana anyway.

Yes, but Cortana is just one of the examples and easily noticeable since from my memory this is the rule that is being restored almost always with any update. I used it as an easy example, nothing more.

E3V3A commented 4 years ago

Can this be related to the #339 ?

Moe1369 commented 4 years ago

> Can this be related to the #339 ?

Sadly I think this has to do with the Pro version afaik. I'm running Win10 Education and the provided regkey has worked. Do you by any chance run the Pro version?

E3V3A commented 4 years ago

> Do you by any chance run the Pro version?

Nope, using a (not updated) Home version.