For ThreatLocker webinar series 100 days to secure your environment: Week 1

‍NOTE: Some Group Policy settings might require the necessary ADMX files for it to be configured in Group Policy Management Editor. They can be downloaded here.

Windows includes a default privacy setting that enables a "keylogging" component, known as Inking & typing personalization, in both Windows 10 and 11. While users can disable this feature manually in Settings, it’s also possible to enforce this setting across domain-joined devices using Group Policy.

Below are the steps to deploy this configuration across your organization depending on your preference of enforcement:

Group Policy (Windows Server Active Directory)

How to Disable Windows from Getting to Know You (Inking and typing recognition) via Group Policy:

Configure Improve inking and typing recognition Group Policya. In the Group Policy Management Editor, expand the Computer Configuration node.

1. In the Group Policy Management Editor, expand the Computer Configuration node.
2. Navigate to Policies > Administrative Templates > Windows Components > Text Input.
3. Set to Disabled:
      a. Double-click Improve inking and typing recognition.
       b. Select Disabled.
       c. Click Apply.
   ‍‍

‍

Steps for disabling Windows from Getting to Know You (Inking and typing recognition) via Registry Editor:

Configure Improve inking and typing recognition Registry Editor:

1. In the Registry Editor, expand the Computer Configuration node.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InputPersonalization  
3. ‍Set the following Registry keys:
   ‍
   
   • Value Name: Installed
     Type: REG_DWORD
     Value: 1
     ‍
   • Value Name: RestrictImplicitInkCollection
     Type: REG_DWORD
     Value: 0
     ‍
   • Value Name: RestrictImplicitTextCollection
     Type: REG_DWORD
     Value: 0
     ‍
   • Value Name: RestrictImplicitTextCollection
     Type: REG_DWORD
     Value: 0
     ‍
   • Value Name: Shutdown
     Type: REG_DWORD
     Value: 0
     ‍

‍

Steps for limiting telemetry data sent to Microsoft via Group Policy:

Another setting that can be adjusted to limit data sent to Microsoft is the use of Telemetry Data. While an Enterprise edition of Windows is required for one of the settings, you can still set it to a Basic level of telemetry data to limit what your machines send. Here’s how:

Configure Allow Telemetry Group Policy:

1. In the Group Policy Management Editor, expand the Computer Configuration node.
2. Navigate to Policies > Administrative Templates > Windows Components > Data Collection and Preview Builds.

Set Allow Telemetry:

1. Set to 0 – Security [Enterprise Only] or 1 - Required :
   
   • Double-click Allow Telemetry.
   • Select Enabled, and chose Set to 0 – Security [Enterprise Only] or 1 – Required as one of the options.
   • Click Apply.

Disabling Inking & Typing Personalization helps limit the collection of user input data in both Windows 10 and 11. Whether applied manually through Settings or enforced via Group Policy on domain-joined devices, this change enhances user privacy and aligns system configuration with stricter data handling practices.