I'm specifically basing this list off of 8.1, but I figure it will mostly apply to 8.0 as well due to 8.1 basically being a renamed service pack.
These are basically the suggested Registry and Autologger tweaks from
Blackbird. Why I made this is because Blackbird makes some interesting recommendations that break some useful (to me at least) functionality. So I wanted to see what it does and give the user more information on what things do when making these tweaks. The registry tweaks are pretty safe compared to services, but I still suggest reading them before blindly applying the file.
This post will go over Registry settings in Windows 8.1 that you can disable for more performance, privacy, and security. This list is based off of the upcoming Windows 8.1 Updated v2. (Link here when finished) If you are using 8.1 Updated v2, you do not need to follow this guide as the changes have already been integrated into the ISO. With the exception of the manual Restricting NTLM Traffic, and Enabling ASLR changes. These have their own registry files included in the ISO if you wish to apply them. Any changes not included in the ISO will be mentioned in later posts here.
1: Manual
These can't be batch applied. They will need to be manually applied by you. Open the Registry Editor by pressing the windows key, typing regedit, and pressing enter. To change these, you can search for the name, or navigate to the path they are in.
► Show Spoiler
These disable querying or reporting to a Microsoft server for diagnostics. (aka telemetry)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy]
"EnableQueryRemoteServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy]
"EnableQueryRemoteServer"=dword:00000000
These disable SpyNet telemetry for Windows Defender.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\SpyNet]
"SpyNetReporting"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000000
This disables the Autologger for the Family Safety/Parental Controls service.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\FamilySafetyAOT]
"Start"=dword:00000000
This could be batch applied, but I opted to make it optional instead as it breaks accessing a SMB NAS.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"RestrictReceivingNTLMTraffic"=dword:00000002
"RestrictSendingNTLMTraffic"=dword:00000002
These could be batch applied, but I opted to make it optional instead as it can break some older software.
Edit: Probably don't do this, because it completely broke explorer.exe for me. It would not run at all.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"MoveImages"=dword:ffffffff
2: Able to be batch applied (See attached .reg file)
► Show Spoiler
Unless otherwise specified, it's telemetry, an improvement, or self explanatory.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AIT]
"AITEnable"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ClientTelemetry]
"TaskEnableRun"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows]
"CEIPEnable"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\SQMClient\Windows]
"CEIPEnable"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ScheduledDiagnostics]
"EnabledExecution"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]
"IncludeRecommendedUpdates"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"IncludeRecommendedUpdates"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000
"DisableEnterpriseAuthProxy"=dword:00000001
"TelemetryProxy"="localhost:0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\DataCollection]
"AllowTelemetry"=dword:00000000
"DisableEnterpriseAuthProxy"=dword:00000001
"TelemetryProxy"="localhost:0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting]
"MachineID"="0"
"Disabled"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent]
"NewUserDefaultConsent"=dword:00000000
"DefaultConsent"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR]
"Disable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000000
"SpyNetReportingLocation"="0"
"SubmitSamplesConsent"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000000
"SpyNetReportingLocation"="0"
"SubmitSamplesConsent"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontReportInfectionInformation"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\MRT]
"DontReportInfectionInformation"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance]
"fAllowFullControl"=dword:00000000
"fAllowToGetHelp"=dword:00000000
These below 4 might affect networking. I'm not sure in what way, but they don't affect a SMB NAS.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"UseDomainNameDevolution"=dword:00000000
"IGMPLevel"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"DisableSmartNameResolution"=dword:00000001
"EnableMulticast"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DNSClient]
"DisableSmartNameResolution"=dword:00000001
"EnableMulticast"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"SMB1"=dword:00000000
The rest of these are all Autologgers, which is another name for telemetry.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Audio]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DiagLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\LwtNetLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Microsoft-Windows-Setup]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\NBSMBLOGGER]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\NtfsLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PEAuthLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PerfPipeUserSession:0]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PerfPipeUserSession:1]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PerfPipeUserSession:2]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PerfPipeUserSession:3]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\RAC_PS]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\RdrLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\ReFSWmiLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SetupPlatform]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\TCPIPLOGGER]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Tpm]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\UBPM]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WFP-IPsec Trace]
"Start"=dword:00000000