Verifying Your Windows 11 Privacy Setup [Part 2 of 2]
Confirm everything worked and troubleshoot any issues
You ran the script. You rebooted. But did it actually work?
In Part 1, we ran a script to strip Windows 11 down to essentials. Now we need to make sure it actually worked.
Why Verify?
Windows has a habit of re-enabling things. Updates can restore settings. Some services are stubborn. Before you assume you’re protected, confirm it.
The verification script checks:
- Services are actually disabled
- Bloatware apps are removed
- Registry keys are set correctly
- The CDP folder block is in place
The Verification Script
Download: Save this as Win11-Verify-Minimal.ps1
<#
.SYNOPSIS
Windows 11 Minimal Setup Verification Script
.DESCRIPTION
Verifies that the Win11-Minimal-WorkStation.ps1 script was applied successfully.
Checks services, bloatware apps, registry keys, and CDP folder status.
Run after reboot to confirm all privacy changes took effect.
.NOTES
Script Name : Win11-Verify-Minimal.ps1
Version : 1.0
Author : The Captain Dumbass
Created : 2026-01-25
License : MIT
Repository : https://thecaptaindumbass.com/
.EXAMPLE
powershell -ExecutionPolicy Bypass -File .\Win11-Verify-Minimal.ps1
Run in PowerShell to verify all privacy settings were applied.
.LINK
https://thecaptaindumbass.com/
#>
Write-Host "=== Verifying Minimal Work Station Setup ===" -ForegroundColor Cyan
Write-Host ""
# Check Services
Write-Host "[Services - Should be Disabled/Stopped]" -ForegroundColor Yellow
$services = @("DiagTrack", "CDPSvc", "CDPUserSvc", "SysMain", "XblAuthManager", "WSearch")
foreach ($svc in $services) {
$s = Get-Service -Name $svc -ErrorAction SilentlyContinue
if ($s) {
$status = if ($s.StartType -eq "Disabled") { "OK - Disabled" } else { "STILL ENABLED" }
$color = if ($s.StartType -eq "Disabled") { "Green" } else { "Red" }
Write-Host " $svc : $status" -ForegroundColor $color
} else {
Write-Host " $svc : Not Found (OK)" -ForegroundColor Green
}
}
Write-Host ""
# Check Bloatware Apps
Write-Host "[Bloatware Apps - Should be Removed]" -ForegroundColor Yellow
$apps = @("Microsoft.BingNews", "Microsoft.XboxGamingOverlay", "Microsoft.OneDrive", "Microsoft.YourPhone", "Clipchamp.Clipchamp")
foreach ($app in $apps) {
$pkg = Get-AppxPackage -Name $app -ErrorAction SilentlyContinue
$status = if ($pkg) { "STILL INSTALLED" } else { "OK - Removed" }
$color = if ($pkg) { "Red" } else { "Green" }
Write-Host " $app : $status" -ForegroundColor $color
}
Write-Host ""
# Check Registry Keys
Write-Host "[Privacy Registry Keys]" -ForegroundColor Yellow
$telemetry = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -ErrorAction SilentlyContinue).AllowTelemetry
$adId = (Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -ErrorAction SilentlyContinue).Enabled
$telStatus = if ($telemetry -eq 0) { "OK - Disabled" } else { "NOT SET" }
$telColor = if ($telemetry -eq 0) { "Green" } else { "Red" }
Write-Host " Telemetry: $telStatus" -ForegroundColor $telColor
$adStatus = if ($adId -eq 0) { "OK - Disabled" } else { "NOT SET" }
$adColor = if ($adId -eq 0) { "Green" } else { "Red" }
Write-Host " Advertising ID: $adStatus" -ForegroundColor $adColor
Write-Host ""
# Check CDP Folder Block
Write-Host "[Connected Devices Platform Folder]" -ForegroundColor Yellow
$cdpPath = "$env:LOCALAPPDATA\ConnectedDevicesPlatform"
if (Test-Path $cdpPath -PathType Leaf) {
Write-Host " CDP Folder: OK - Blocked (exists as file)" -ForegroundColor Green
} elseif (Test-Path $cdpPath -PathType Container) {
$items = (Get-ChildItem $cdpPath -ErrorAction SilentlyContinue).Count
Write-Host " CDP Folder: EXISTS with $items items" -ForegroundColor Red
} else {
Write-Host " CDP Folder: Deleted (may recreate)" -ForegroundColor Yellow
}
Write-Host ""
Write-Host "=== Verification Complete ===" -ForegroundColor Cyan
How to Run It
Step 1: Open PowerShell
- Press Win + X
- Select Terminal or Windows PowerShell
- Note: Admin not required for verification (just reading, not changing)
Step 2: Navigate to the Script
cd $HOME\Desktop
Or wherever you saved the script.
Step 3: Run It
powershell -ExecutionPolicy Bypass -File .\Win11-Verify-Minimal.ps1
Understanding the Output
All Green = Success
=== Verifying Minimal Work Station Setup ===
[Services - Should be Disabled/Stopped]
DiagTrack : OK - Disabled
CDPSvc : OK - Disabled
CDPUserSvc : OK - Disabled
SysMain : OK - Disabled
XblAuthManager : OK - Disabled
WSearch : OK - Disabled
[Bloatware Apps - Should be Removed]
Microsoft.BingNews : OK - Removed
Microsoft.XboxGamingOverlay : OK - Removed
Microsoft.OneDrive : OK - Removed
Microsoft.YourPhone : OK - Removed
Clipchamp.Clipchamp : OK - Removed
[Privacy Registry Keys]
Telemetry: OK - Disabled
Advertising ID: OK - Disabled
[Connected Devices Platform Folder]
CDP Folder: OK - Blocked (exists as file)
=== Verification Complete ===
Everything green? You’re done. Your system is locked down.
Red Items = Needs Attention
If you see STILL ENABLED or STILL INSTALLED, something didn’t take.
Troubleshooting
Service Shows “STILL ENABLED”
The service didn’t get disabled. Here’s how to fix it manually:
# Run as Administrator
Set-Service -Name "DiagTrack" -StartupType Disabled
Stop-Service -Name "DiagTrack" -Force
Replace DiagTrack with the service name shown in red.
Common reasons:
- Script was interrupted
- Windows Update re-enabled it
- Group Policy override (corporate machines)
App Shows “STILL INSTALLED”
The app didn’t get removed. Remove it manually:
# Run as Administrator
Get-AppxPackage -Name "Microsoft.BingNews" -AllUsers | Remove-AppxPackage -AllUsers
Replace Microsoft.BingNews with the app name shown in red.
Common reasons:
- App was in use during removal
- Provisioned for new users (requires
-AllUsersflag) - Protected system app (some can’t be removed)
Registry Key Shows “NOT SET”
The registry key didn’t get set. You’ll need to add it manually:
Telemetry:
# Run as Administrator
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Value 0 -Type DWord -Force
Advertising ID:
New-Item -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Force | Out-Null
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Value 0 -Type DWord -Force
Common reasons:
- Script ran without admin privileges
- Registry path didn’t exist
- Antivirus blocked the change
CDP Folder Shows “EXISTS with X items”
The folder block didn’t work. Here’s how to do it manually:
# Run as Administrator
$cdpPath = "$env:LOCALAPPDATA\ConnectedDevicesPlatform"
Remove-Item $cdpPath -Recurse -Force -ErrorAction SilentlyContinue
New-Item $cdpPath -ItemType File -Force | Out-Null
attrib +r +s +h $cdpPath
What this does:
- Deletes the folder
- Creates a file with the same name
- Marks it read-only, system, hidden
- Windows can’t recreate the folder because a file exists there
CDP Folder Shows “Deleted (may recreate)”
Yellow warning means the folder was deleted but not blocked.
Windows will probably recreate it on next boot. Run the blocking commands above to stop that.
Re-Running After Updates
Windows Updates can undo your changes. After major updates:
- Run the verification script
- Note any red items
- Re-run the main script if needed, or fix manually
I’d suggest running verification monthly or after any Windows feature update.
Manual Verification (Without Script)
If you prefer to check manually:
Check Services
Get-Service DiagTrack, CDPSvc, SysMain | Select-Object Name, Status, StartType
Look for StartType: Disabled.
Check Apps
Get-AppxPackage -Name *Bing*, *Xbox*, *YourPhone* | Select-Object Name
If nothing returns, they’re removed.
Check Registry
Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name AllowTelemetry
Should show AllowTelemetry : 0.
Check CDP Folder
Test-Path "$env:LOCALAPPDATA\ConnectedDevicesPlatform" -PathType Leaf
Should return True (it’s a file, not a folder).
Additional Resources
- Part 1: Securing Windows 11 for Privacy - The main script
- Microsoft Privacy Dashboard - See what Microsoft has collected
- O&O ShutUp10++ - GUI alternative for privacy settings
TL;DR
- Run the verification script after rebooting to confirm changes
- Green = good, red = needs attention
- Troubleshoot manually using the commands provided
- Re-verify after Windows Updates - they can undo your changes
- Monthly checks recommended for ongoing privacy
Your Turn
Did everything come back green?
Any stubborn services or apps that won’t stay disabled?
What other checks would you add to the verification script?
Drop a comment below!