From 9871739727b98f36c25dbc094a955c27682107a0 Mon Sep 17 00:00:00 2001
From: Elliot Chernofsky <echernofsky@google.com>
Date: Fri, 1 Aug 2025 23:02:28 +0000
Subject: [PATCH 1/2] Refactor: Create function to handle start menu cleanup

Refactors  to use a new  function.

This change eliminates code duplication between the  and  sections, making the script more maintainable.
---
 packages/debloat.vm/debloat.vm.nuspec         |  2 +-
 .../debloat.vm/tools/chocolateyinstall.ps1    | 46 ++++++++++++++-----
 2 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/packages/debloat.vm/debloat.vm.nuspec b/packages/debloat.vm/debloat.vm.nuspec
index 6d2721de4..f50987607 100644
--- a/packages/debloat.vm/debloat.vm.nuspec
+++ b/packages/debloat.vm/debloat.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>debloat.vm</id>
-    <version>0.0.0.20250731</version>
+    <version>0.0.0.20250801</version>
     <description>Debloat and performance configurations for Windows OS</description>
     <authors>Mandiant</authors>
     <dependencies>
diff --git a/packages/debloat.vm/tools/chocolateyinstall.ps1 b/packages/debloat.vm/tools/chocolateyinstall.ps1
index 5b63e11c6..96bcf91c7 100644
--- a/packages/debloat.vm/tools/chocolateyinstall.ps1
+++ b/packages/debloat.vm/tools/chocolateyinstall.ps1
@@ -54,6 +54,33 @@ function Fix-AppxPackageDeployment {
     }
 }
 
+function Clean-Win11StartMenu {
+    <#
+    .SYNOPSIS
+        Cleans up the start menu by copying a predefined binary file.
+
+    .DESCRIPTION
+        This function handles the logic for cleaning up the Windows 11 start menu
+        by replacing the default configuration files. It uses a predefined
+        'start2.bin' file to ensure a consistent, clean start menu layout.
+        This is a shared function called by both 'Win11' and 'Win11ARM' sections
+        to avoid code duplication.
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$PackageStartDir
+    )
+
+    VM-Write-Log "INFO" "Cleaning up start menu in Windows 11."
+
+    # Cleanest solution possible given lack of relative path and infinite paths for user download location
+    Copy-Item -Path (Join-Path $PackageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\")
+
+    # Cover case in older win11 versions where the config file is still start.bin
+    Copy-Item -Path (Join-Path $PackageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start.bin")
+}
+
 try {
     # Determine OS Version
     $osVersion = VM-Get-WindowsVersion
@@ -62,24 +89,21 @@ try {
     $packageStartDir = Join-Path $packageToolsDir "start" -Resolve
 
     switch ($osVersion) {
-        "Win10" { $config = Join-Path $packageToolsDir "win10.xml" }
+        "Win10" {
+            $config = Join-Path $packageToolsDir "win10.xml"
+        }
         "Win11" {
             $config = Join-Path $packageToolsDir "win11.xml"
-            VM-Write-Log "INFO" "Cleaning up start menu in Windows 11."
-            # Clean up start menu. Cleanest solution possible given lack
-            # of relative path and inifinite paths for user download location
-            Copy-Item -Path (Join-Path $packageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\")
-            # cover case in older win11 versions where the config file is still start.bin
-            Copy-Item -Path (Join-Path $packageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start.bin")
+            # Call the new function to clean the start menu
+            Clean-Win11StartMenu -PackageStartDir $packageStartDir
 
             # Call the function to apply the AppxPackage fix for Windows 11
             Fix-AppxPackageDeployment
         }
         "Win11ARM" {
             $config = Join-Path $packageToolsDir "win11arm.xml"
-            VM-Write-Log "INFO" "Cleaning up start menu in Windows 11."
-            Copy-Item -Path (Join-Path $packageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\")
-            Copy-Item -Path (Join-Path $packageStartDir "start2.bin") -Destination (Join-Path ${Env:UserProfile} "Appdata\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start.bin")
+            # Call the new function to clean the start menu
+            Clean-Win11StartMenu -PackageStartDir $packageStartDir
         }
         default {
             VM-Write-Log "WARN" "Debloater unable to determine Windows version, defaulting to Windows 10."
@@ -92,4 +116,4 @@ try {
 }
 catch {
     VM-Write-Log-Exception $_
-}
+}
\ No newline at end of file

From f247720a43d67024d8ac5b53cda626d35891c9b2 Mon Sep 17 00:00:00 2001
From: Elliot Chernofsky <echernofsky@google.com>
Date: Sat, 2 Aug 2025 00:19:33 +0000
Subject: [PATCH 2/2] Fix: Improve error handling and prevent script from
 halting

Refactored the  function to include granular  blocks within each processing loop. This prevents a single configuration error, such as an invalid registry type, from halting the entire script.

The change ensures that the script continues to process subsequent items in the XML configuration file, while still logging a specific error message for any individual item that fails.
---
 packages/common.vm/common.vm.nuspec           |   2 +-
 .../common.vm/tools/vm.common/vm.common.psm1  |  94 ++++++++----
 packages/debloat.vm/debloat.vm.nuspec         |   2 +-
 packages/debloat.vm/tools/win11.xml           | 134 +++++++++---------
 packages/debloat.vm/tools/win11arm.xml        | 134 +++++++++---------
 5 files changed, 202 insertions(+), 164 deletions(-)

diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec
index b63a7ab20..95944276b 100755
--- a/packages/common.vm/common.vm.nuspec
+++ b/packages/common.vm/common.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>common.vm</id>
-    <version>0.0.0.20250509</version>
+    <version>0.0.0.20250801</version>
     <description>Common libraries for VM-packages</description>
     <authors>Mandiant</authors>
   </metadata>
diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1
index 7b640f498..06c43ab8e 100755
--- a/packages/common.vm/tools/vm.common/vm.common.psm1
+++ b/packages/common.vm/tools/vm.common/vm.common.psm1
@@ -1281,17 +1281,17 @@ function VM-Set-Service-Manual-Start {
         $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
         if ($service) {
             if ($service.Status -eq "Running") {
-                Write-Output "INFO" "Stopping service $serviceName..."
+                VM-Write-Log "INFO" "Stopping service $serviceName..."
                 Stop-Service -Name $service.Name -Force -ErrorAction Stop
-                Write-Output "INFO" "Service $serviceName has been stopped."
+                VM-Write-Log "INFO" "Service $serviceName has been stopped."
             }
             Set-Service -Name $service.Name -StartupType Manual
-            Write-Output "INFO" "Service $serviceName has been set to manual startup."
+            VM-Write-Log "INFO" "Service $serviceName has been set to manual startup."
         } else {
-            Write-Output "WARN" "Service $serviceName not found."
+            VM-Write-Log "WARN" "Service $serviceName not found."
         }
     } catch {
-        Write-Output "ERROR" "An error occurred: $_"
+        VM-Write-Log "ERROR" "An error occurred: $_"
     }
 }
 
@@ -1517,6 +1517,8 @@ function VM-Configure-PS-Logging {
 # Main function for debloater and configuration changes
 # Expects an XML file
 function VM-Apply-Configurations {
+    # Main function for debloater and configuration changes
+    # Expects an XML file
     param(
         [Parameter(Position = 0)]
         [string]$configFile
@@ -1526,73 +1528,109 @@ function VM-Apply-Configurations {
         # Load and parse the XML config file
         VM-Assert-Path $configFile
         $config = [xml](Get-Content $configFile)
+    } catch {
+        VM-Write-Log "ERROR" "An error occurred while loading or parsing the config file. Error: $_"
+        return # Exit the function if the file cannot be loaded.
+    }
 
-        # Process the apps
-        if ($config.config.apps.app) {
-            $config.config.apps.app | ForEach-Object {
+    # Process the apps
+    if ($config.config.apps.app) {
+        VM-Write-Log "INFO" "Processing Appx Packages..."
+        $config.config.apps.app | ForEach-Object {
+            try {
                 $appName = $_.name
                 VM-Remove-Appx-Package -appName $appName
+            } catch {
+                VM-Write-Log "ERROR" "Failed to remove app '$appName'. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the services
-        if ($config.config.services.service) {
-            $config.config.services.service | ForEach-Object {
+    # Process the services
+    if ($config.config.services.service) {
+        VM-Write-Log "INFO" "Processing services..."
+        $config.config.services.service | ForEach-Object {
+            try {
                 $serviceName = $_.name
                 VM-Set-Service-Manual-Start -serviceName $serviceName
+            } catch {
+                VM-Write-Log "ERROR" "Failed to set service '$serviceName' to manual start. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the tasks
-        if ($config.config.tasks.task) {
-            $config.config.tasks.task | ForEach-Object {
+    # Process the tasks
+    if ($config.config.tasks.task) {
+        VM-Write-Log "INFO" "Processing scheduled tasks..."
+        $config.config.tasks.task | ForEach-Object {
+            try {
                 $descName = $_.name
                 $taskName = $_.value
                 VM-Disable-Scheduled-Task -name $descName -value $taskName
+            } catch {
+                VM-Write-Log "ERROR" "Failed to disable task '$taskName'. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the registry items
-        if ($config.config."registry-items"."registry-item") {
-            $config.config."registry-items"."registry-item" | ForEach-Object {
+    # Process the registry items
+    if ($config.config."registry-items"."registry-item") {
+        VM-Write-Log "INFO" "Processing registry items..."
+        $config.config."registry-items"."registry-item" | ForEach-Object {
+            try {
                 $name = $_.name
                 $path = $_.path
                 $value = $_.value
                 $type = $_.type
                 $data = $_.data
                 VM-Update-Registry-Value -name $name -path $path -value $value -type $type -data $data
+            } catch {
+                VM-Write-Log "ERROR" "Failed to update registry item '$name'. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the path items
-        if ($config.config."path-items"."path-item") {
-            $config.config."path-items"."path-item" | ForEach-Object {
+    # Process the path items
+    if ($config.config."path-items"."path-item") {
+        VM-Write-Log "INFO" "Processing path items..."
+        $config.config."path-items"."path-item" | ForEach-Object {
+            try {
                 $name = $_.name
                 $type = $_.type
                 $path = $_.path
                 VM-Remove-Path -name $name -type $type -path $path
+            } catch {
+                VM-Write-Log "ERROR" "Failed to remove path item '$name'. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the locales
-        if ($config.config."locales"."locale") {
-            $config.config."locales"."locale" | ForEach-Object {
+    # Process the locales
+    if ($config.config."locales"."locale") {
+        VM-Write-Log "INFO" "Processing locales..."
+        $config.config."locales"."locale" | ForEach-Object {
+            try {
                 $name = $_.name
                 $lang = $_.lang
                 VM-Install-Locale -name $name -lang $lang
+            } catch {
+                VM-Write-Log "ERROR" "Failed to install locale '$name'. Error: $($_.Exception.Message)"
             }
         }
+    }
 
-        # Process the custom items
-        if ($config.config."custom-items"."custom-item") {
-            $config.config."custom-items"."custom-item" | ForEach-Object {
+    # Process the custom items
+    if ($config.config."custom-items"."custom-item") {
+        VM-Write-Log "INFO" "Processing custom commands..."
+        $config.config."custom-items"."custom-item" | ForEach-Object {
+            try {
                 $name = $_.name
                 $cmds = @($_.cmd | ForEach-Object { $_.value })
                 VM-Execute-Custom-Command -name $name -cmds $cmds
+            } catch {
+                VM-Write-Log "ERROR" "Failed to execute custom commands for '$name'. Error: $($_.Exception.Message)"
             }
         }
-    } catch {
-        VM-Write-Log "ERROR" "An error occurred while applying config. Error: $_"
     }
 }
 
diff --git a/packages/debloat.vm/debloat.vm.nuspec b/packages/debloat.vm/debloat.vm.nuspec
index f50987607..c1caf1e69 100644
--- a/packages/debloat.vm/debloat.vm.nuspec
+++ b/packages/debloat.vm/debloat.vm.nuspec
@@ -6,7 +6,7 @@
     <description>Debloat and performance configurations for Windows OS</description>
     <authors>Mandiant</authors>
     <dependencies>
-      <dependency id="common.vm" version="0.0.0.20250407" />
+      <dependency id="common.vm" version="0.0.0.20250801" />
     </dependencies>
   </metadata>
 </package>
diff --git a/packages/debloat.vm/tools/win11.xml b/packages/debloat.vm/tools/win11.xml
index 60c3e7473..f04fc271d 100644
--- a/packages/debloat.vm/tools/win11.xml
+++ b/packages/debloat.vm/tools/win11.xml
@@ -258,96 +258,96 @@
         <registry-item name="Disable Windows Update Automatic Download" path="HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" value="AUOptions" type="DWord" data="2" />
         <registry-item name="Disable Windows Update Automatic Restart" path="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotification.exe" value="Debugger" type="String" data="cmd.exe" />
         <registry-item name="Disable Microsoft Connectivity Test (msftconnecttest.com)" path="HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet" value="EnableActiveProbing" type="DWord" data="0" />
-        <registry-item name="Disable Resetbase" path="HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" value="DisableResetbase" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable LetAppsActivateWithVoice" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable Resetbase" path="HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" value="DisableResetbase" type="DWord" data="0"/>
+        <registry-item name="Disable LetAppsActivateWithVoice" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsActivateWithVoice_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoice_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoice_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
-        <registry-item name="Disable LetAppsActivateWithVoiceAboveLock" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsActivateWithVoiceAboveLock" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
-        <registry-item name="Disable LetAppsAccessLocation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsAccessLocation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessLocation_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessLocation_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessLocation_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable location CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable lfsvc Status" path="HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" value="Status" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable LetAppsAccessAccountInfo" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable lfsvc Status" path="HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" value="Status" type="DWord" data="0"/>
+        <registry-item name="Disable LetAppsAccessAccountInfo" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable userAccountInformation CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable LetAppsAccessMotion" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsAccessMotion" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessMotion_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessMotion_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessMotion_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable activity CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable CEIPEnable SQMClient Windows" path="HKLM\Software\Policies\Microsoft\SQMClient\Windows" value="CEIPEnable" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable CEIPEnable SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="CEIPEnable" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable UploadDisableFlag SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="UploadDisableFlag" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable CEIPEnable SQMClient Windows" path="HKLM\Software\Policies\Microsoft\SQMClient\Windows" value="CEIPEnable" type="DWord" data="0"/>
+        <registry-item name="Disable CEIPEnable SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="CEIPEnable" type="DWord" data="0"/>
+        <registry-item name="Disable UploadDisableFlag SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="UploadDisableFlag" type="DWord" data="0"/>
         <registry-item name="Disable Debugger CompatTelRunner.exe" path="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" value="Debugger" type="REG_SZ" data="%SYSTEMROOT%\System32\taskkill.exe"/>
         <registry-item name="Disable Debugger DeviceCensus.exe" path="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" value="Debugger" type="REG_SZ" data="%SYSTEMROOT%\System32\taskkill.exe"/>
-        <registry-item name="Disable AllowDesktopAnalyticsProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDesktopAnalyticsProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowDeviceNameInTelemetry" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDeviceNameInTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable MicrosoftEdgeDataOptIn" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="MicrosoftEdgeDataOptIn" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowWUfBCloudProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowWUfBCloudProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowUpdateComplianceProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowUpdateComplianceProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowCommercialDataPipeline" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowCommercialDataPipeline" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowTelemetry DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="AllowTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowTelemetry DataCollection Policies" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DisableOneSettingsDownloads" path="HKLM\Software\Policies\Microsoft\Windows\DataCollection" value="DisableOneSettingsDownloads" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable NoGenTicket" path="HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" value="NoGenTicket" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Disabled Windows Error Reporting" path="HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Disabled Windows Error Reporting Microsoft" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DefaultConsent Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultConsent" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DefaultOverrideBehavior Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultOverrideBehavior" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DontSendAdditionalData Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="DontSendAdditionalData" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable LoggingDisabled Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="LoggingDisabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DODownloadMode" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" value="DODownloadMode" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DisableSoftLanding" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" value="DisableSoftLanding" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableWindowsSpotlightFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsSpotlightFeatures" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableWindowsConsumerFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsConsumerFeatures" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisabledByGroupPolicy" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" value="DisabledByGroupPolicy" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable EnableExperimentation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableExperimentation" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable EnableConfigFlighting" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableConfigFlighting" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowExperimentation" path="HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" value="value" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowBuildPreview" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="AllowBuildPreview" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable HideInsiderPage" path="HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" value="HideInsiderPage" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications Policies DataCollection" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Enabled TIPC" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies 2" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Enabled TIPC 2" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable HideSCAMeetNow Explorer" path="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" value="HideSCAMeetNow" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable TurnOffWindowsCopilot" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableFileSyncNGSC OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSyncNGSC" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableFileSync OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSync" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable AgentActivationEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AgentActivationOnLockScreenEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationOnLockScreenEnabled" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable AllowDesktopAnalyticsProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDesktopAnalyticsProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowDeviceNameInTelemetry" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDeviceNameInTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable MicrosoftEdgeDataOptIn" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="MicrosoftEdgeDataOptIn" type="DWord" data="0"/>
+        <registry-item name="Disable AllowWUfBCloudProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowWUfBCloudProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowUpdateComplianceProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowUpdateComplianceProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowCommercialDataPipeline" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowCommercialDataPipeline" type="DWord" data="0"/>
+        <registry-item name="Disable AllowTelemetry DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="AllowTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable AllowTelemetry DataCollection Policies" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable DisableOneSettingsDownloads" path="HKLM\Software\Policies\Microsoft\Windows\DataCollection" value="DisableOneSettingsDownloads" type="DWord" data="1"/>
+        <registry-item name="Disable NoGenTicket" path="HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" value="NoGenTicket" type="DWord" data="1"/>
+        <registry-item name="Disable Disabled Windows Error Reporting" path="HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="DWord" data="1"/>
+        <registry-item name="Disable Disabled Windows Error Reporting Microsoft" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="DWord" data="1"/>
+        <registry-item name="Disable DefaultConsent Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultConsent" type="DWord" data="1"/>
+        <registry-item name="Disable DefaultOverrideBehavior Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultOverrideBehavior" type="DWord" data="1"/>
+        <registry-item name="Disable DontSendAdditionalData Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="DontSendAdditionalData" type="DWord" data="1"/>
+        <registry-item name="Disable LoggingDisabled Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="LoggingDisabled" type="DWord" data="1"/>
+        <registry-item name="Disable DODownloadMode" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" value="DODownloadMode" type="DWord" data="0"/>
+        <registry-item name="Disable DisableSoftLanding" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" value="DisableSoftLanding" type="DWord" data="1"/>
+        <registry-item name="Disable DisableWindowsSpotlightFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsSpotlightFeatures" type="DWord" data="1"/>
+        <registry-item name="Disable DisableWindowsConsumerFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsConsumerFeatures" type="DWord" data="1"/>
+        <registry-item name="Disable DisabledByGroupPolicy" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" value="DisabledByGroupPolicy" type="DWord" data="1"/>
+        <registry-item name="Disable EnableExperimentation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableExperimentation" type="DWord" data="0"/>
+        <registry-item name="Disable EnableConfigFlighting" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableConfigFlighting" type="DWord" data="0"/>
+        <registry-item name="Disable AllowExperimentation" path="HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" value="value" type="DWord" data="0"/>
+        <registry-item name="Disable AllowBuildPreview" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="AllowBuildPreview" type="DWord" data="0"/>
+        <registry-item name="Disable HideInsiderPage" path="HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" value="HideInsiderPage" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications Policies DataCollection" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable Enabled TIPC" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies 2" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable Enabled TIPC 2" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable HideSCAMeetNow Explorer" path="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" value="HideSCAMeetNow" type="DWord" data="1"/>
+        <registry-item name="Disable TurnOffWindowsCopilot" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>
+        <registry-item name="Disable DisableFileSyncNGSC OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSyncNGSC" type="DWord" data="1"/>
+        <registry-item name="Disable DisableFileSync OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSync" type="DWord" data="1"/>
+        <registry-item name="Disable AgentActivationEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable AgentActivationOnLockScreenEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationOnLockScreenEnabled" type="DWord" data="0"/>
         <registry-item name="Disable Value DeviceAccess Global" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" value="Value" type="REG_SZ" data="Deny"/>
         <registry-item name="Disable Value DeviceAccess Global 2" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}" value="Value" type="REG_SZ" data="Deny"/>
         <registry-item name="Disable Value DeviceAccess Global 3" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable IsMSACloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsMSACloudSearchEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable IsAADCloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsAADCloudSearchEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled AdvertisingInfo" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-338393Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-338393Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-353694Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353694Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-353696Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353696Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable NumberOfSIUFInPeriod" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AcceptedPrivacyPolicy" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled TIPC" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable NumberOfSIUFInPeriod (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AcceptedPrivacyPolicy (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled TIPC (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable ShowCopilotButton" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="ShowCopilotButton" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AutoOpenCopilotLargeScreens" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" value="AutoOpenCopilotLargeScreens" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable IsUserEligible BingChat" path="HKCU\Software\Microsoft\Windows\Shell\Copilot\BingChat" value="IsUserEligible" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable TurnOffWindowsCopilot" path="HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable TaskbarDa" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable System.IsPinnedToNameSpaceTree CLSID" path="HKCU\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable System.IsPinnedToNameSpaceTree Wow6432Node CLSID" path="HKCU\Software\Classes\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable IsMSACloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsMSACloudSearchEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable IsAADCloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsAADCloudSearchEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled AdvertisingInfo" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-338393Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-338393Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-353694Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353694Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-353696Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353696Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable NumberOfSIUFInPeriod" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="DWord" data="0"/>
+        <registry-item name="Disable AcceptedPrivacyPolicy" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled TIPC" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable NumberOfSIUFInPeriod (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="DWord" data="0"/>
+        <registry-item name="Disable AcceptedPrivacyPolicy (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled TIPC (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable ShowCopilotButton" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="ShowCopilotButton" type="DWord" data="0"/>
+        <registry-item name="Disable AutoOpenCopilotLargeScreens" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" value="AutoOpenCopilotLargeScreens" type="DWord" data="0"/>
+        <registry-item name="Disable IsUserEligible BingChat" path="HKCU\Software\Microsoft\Windows\Shell\Copilot\BingChat" value="IsUserEligible" type="DWord" data="0"/>
+        <registry-item name="Disable TurnOffWindowsCopilot" path="HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>
+        <registry-item name="Disable TaskbarDa" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="DWord" data="0"/>
+        <registry-item name="Disable System.IsPinnedToNameSpaceTree CLSID" path="HKCU\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="DWord" data="0"/>
+        <registry-item name="Disable System.IsPinnedToNameSpaceTree Wow6432Node CLSID" path="HKCU\Software\Classes\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="DWord" data="0"/>
         <registry-item name="Disable TaskbarDa" path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="DWord" data="0"/>
         <registry-item name="Disable MicrosoftWindows.Client.WebExperience" path="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy" value="" type="String" data=""/>
         <registry-item name="Disable Windows Copilot (Machine)" path="HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>
diff --git a/packages/debloat.vm/tools/win11arm.xml b/packages/debloat.vm/tools/win11arm.xml
index 60c3e7473..f04fc271d 100644
--- a/packages/debloat.vm/tools/win11arm.xml
+++ b/packages/debloat.vm/tools/win11arm.xml
@@ -258,96 +258,96 @@
         <registry-item name="Disable Windows Update Automatic Download" path="HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" value="AUOptions" type="DWord" data="2" />
         <registry-item name="Disable Windows Update Automatic Restart" path="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotification.exe" value="Debugger" type="String" data="cmd.exe" />
         <registry-item name="Disable Microsoft Connectivity Test (msftconnecttest.com)" path="HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet" value="EnableActiveProbing" type="DWord" data="0" />
-        <registry-item name="Disable Resetbase" path="HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" value="DisableResetbase" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable LetAppsActivateWithVoice" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable Resetbase" path="HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" value="DisableResetbase" type="DWord" data="0"/>
+        <registry-item name="Disable LetAppsActivateWithVoice" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsActivateWithVoice_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoice_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoice_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoice_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
-        <registry-item name="Disable LetAppsActivateWithVoiceAboveLock" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsActivateWithVoiceAboveLock" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsActivateWithVoiceAboveLock_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
-        <registry-item name="Disable LetAppsAccessLocation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsAccessLocation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessLocation_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessLocation_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessLocation_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessLocation_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable location CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable lfsvc Status" path="HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" value="Status" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable LetAppsAccessAccountInfo" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable lfsvc Status" path="HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" value="Status" type="DWord" data="0"/>
+        <registry-item name="Disable LetAppsAccessAccountInfo" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessAccountInfo_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessAccountInfo_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable userAccountInformation CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable LetAppsAccessMotion" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion" type="REG_DWORD" data="2"/>
+        <registry-item name="Disable LetAppsAccessMotion" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion" type="DWord" data="2"/>
         <registry-item name="Disable LetAppsAccessMotion_UserInControlOfTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_UserInControlOfTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessMotion_ForceAllowTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_ForceAllowTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable LetAppsAccessMotion_ForceDenyTheseApps" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" value="LetAppsAccessMotion_ForceDenyTheseApps" type="REG_MULTI_SZ" data="0"/>
         <registry-item name="Disable activity CapabilityAccessManager" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable CEIPEnable SQMClient Windows" path="HKLM\Software\Policies\Microsoft\SQMClient\Windows" value="CEIPEnable" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable CEIPEnable SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="CEIPEnable" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable UploadDisableFlag SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="UploadDisableFlag" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable CEIPEnable SQMClient Windows" path="HKLM\Software\Policies\Microsoft\SQMClient\Windows" value="CEIPEnable" type="DWord" data="0"/>
+        <registry-item name="Disable CEIPEnable SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="CEIPEnable" type="DWord" data="0"/>
+        <registry-item name="Disable UploadDisableFlag SQMClient" path="HKLM\Software\Microsoft\SQMClient" value="UploadDisableFlag" type="DWord" data="0"/>
         <registry-item name="Disable Debugger CompatTelRunner.exe" path="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" value="Debugger" type="REG_SZ" data="%SYSTEMROOT%\System32\taskkill.exe"/>
         <registry-item name="Disable Debugger DeviceCensus.exe" path="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DeviceCensus.exe" value="Debugger" type="REG_SZ" data="%SYSTEMROOT%\System32\taskkill.exe"/>
-        <registry-item name="Disable AllowDesktopAnalyticsProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDesktopAnalyticsProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowDeviceNameInTelemetry" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDeviceNameInTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable MicrosoftEdgeDataOptIn" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="MicrosoftEdgeDataOptIn" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowWUfBCloudProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowWUfBCloudProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowUpdateComplianceProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowUpdateComplianceProcessing" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowCommercialDataPipeline" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowCommercialDataPipeline" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowTelemetry DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="AllowTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowTelemetry DataCollection Policies" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowTelemetry" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DisableOneSettingsDownloads" path="HKLM\Software\Policies\Microsoft\Windows\DataCollection" value="DisableOneSettingsDownloads" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable NoGenTicket" path="HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" value="NoGenTicket" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Disabled Windows Error Reporting" path="HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Disabled Windows Error Reporting Microsoft" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DefaultConsent Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultConsent" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DefaultOverrideBehavior Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultOverrideBehavior" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DontSendAdditionalData Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="DontSendAdditionalData" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable LoggingDisabled Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="LoggingDisabled" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DODownloadMode" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" value="DODownloadMode" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DisableSoftLanding" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" value="DisableSoftLanding" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableWindowsSpotlightFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsSpotlightFeatures" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableWindowsConsumerFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsConsumerFeatures" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisabledByGroupPolicy" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" value="DisabledByGroupPolicy" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable EnableExperimentation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableExperimentation" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable EnableConfigFlighting" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableConfigFlighting" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowExperimentation" path="HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" value="value" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AllowBuildPreview" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="AllowBuildPreview" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable HideInsiderPage" path="HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" value="HideInsiderPage" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications Policies DataCollection" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Enabled TIPC" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies 2" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable Enabled TIPC 2" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable HideSCAMeetNow Explorer" path="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" value="HideSCAMeetNow" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable TurnOffWindowsCopilot" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableFileSyncNGSC OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSyncNGSC" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable DisableFileSync OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSync" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable AgentActivationEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AgentActivationOnLockScreenEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationOnLockScreenEnabled" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable AllowDesktopAnalyticsProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDesktopAnalyticsProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowDeviceNameInTelemetry" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowDeviceNameInTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable MicrosoftEdgeDataOptIn" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="MicrosoftEdgeDataOptIn" type="DWord" data="0"/>
+        <registry-item name="Disable AllowWUfBCloudProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowWUfBCloudProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowUpdateComplianceProcessing" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowUpdateComplianceProcessing" type="DWord" data="0"/>
+        <registry-item name="Disable AllowCommercialDataPipeline" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowCommercialDataPipeline" type="DWord" data="0"/>
+        <registry-item name="Disable AllowTelemetry DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="AllowTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable AllowTelemetry DataCollection Policies" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="AllowTelemetry" type="DWord" data="0"/>
+        <registry-item name="Disable DisableOneSettingsDownloads" path="HKLM\Software\Policies\Microsoft\Windows\DataCollection" value="DisableOneSettingsDownloads" type="DWord" data="1"/>
+        <registry-item name="Disable NoGenTicket" path="HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" value="NoGenTicket" type="DWord" data="1"/>
+        <registry-item name="Disable Disabled Windows Error Reporting" path="HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="DWord" data="1"/>
+        <registry-item name="Disable Disabled Windows Error Reporting Microsoft" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="Disabled" type="DWord" data="1"/>
+        <registry-item name="Disable DefaultConsent Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultConsent" type="DWord" data="1"/>
+        <registry-item name="Disable DefaultOverrideBehavior Windows Error Reporting Consent" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" value="DefaultOverrideBehavior" type="DWord" data="1"/>
+        <registry-item name="Disable DontSendAdditionalData Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="DontSendAdditionalData" type="DWord" data="1"/>
+        <registry-item name="Disable LoggingDisabled Windows Error Reporting" path="HKLM\Software\Microsoft\Windows\Windows Error Reporting" value="LoggingDisabled" type="DWord" data="1"/>
+        <registry-item name="Disable DODownloadMode" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" value="DODownloadMode" type="DWord" data="0"/>
+        <registry-item name="Disable DisableSoftLanding" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" value="DisableSoftLanding" type="DWord" data="1"/>
+        <registry-item name="Disable DisableWindowsSpotlightFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsSpotlightFeatures" type="DWord" data="1"/>
+        <registry-item name="Disable DisableWindowsConsumerFeatures" path="HKLM\Software\Policies\Microsoft\Windows\CloudContent" value="DisableWindowsConsumerFeatures" type="DWord" data="1"/>
+        <registry-item name="Disable DisabledByGroupPolicy" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" value="DisabledByGroupPolicy" type="DWord" data="1"/>
+        <registry-item name="Disable EnableExperimentation" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableExperimentation" type="DWord" data="0"/>
+        <registry-item name="Disable EnableConfigFlighting" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="EnableConfigFlighting" type="DWord" data="0"/>
+        <registry-item name="Disable AllowExperimentation" path="HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" value="value" type="DWord" data="0"/>
+        <registry-item name="Disable AllowBuildPreview" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" value="AllowBuildPreview" type="DWord" data="0"/>
+        <registry-item name="Disable HideInsiderPage" path="HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" value="HideInsiderPage" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications Policies DataCollection" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable Enabled TIPC" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies" path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable DoNotShowFeedbackNotifications DataCollection Policies 2" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" value="DoNotShowFeedbackNotifications" type="DWord" data="1"/>
+        <registry-item name="Disable Enabled TIPC 2" path="HKLM\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable HideSCAMeetNow Explorer" path="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" value="HideSCAMeetNow" type="DWord" data="1"/>
+        <registry-item name="Disable TurnOffWindowsCopilot" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>
+        <registry-item name="Disable DisableFileSyncNGSC OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSyncNGSC" type="DWord" data="1"/>
+        <registry-item name="Disable DisableFileSync OneDrive" path="HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" value="DisableFileSync" type="DWord" data="1"/>
+        <registry-item name="Disable AgentActivationEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable AgentActivationOnLockScreenEnabled" path="HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" value="AgentActivationOnLockScreenEnabled" type="DWord" data="0"/>
         <registry-item name="Disable Value DeviceAccess Global" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" value="Value" type="REG_SZ" data="Deny"/>
         <registry-item name="Disable Value DeviceAccess Global 2" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}" value="Value" type="REG_SZ" data="Deny"/>
         <registry-item name="Disable Value DeviceAccess Global 3" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" value="Value" type="REG_SZ" data="Deny"/>
-        <registry-item name="Disable IsMSACloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsMSACloudSearchEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable IsAADCloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsAADCloudSearchEnabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled AdvertisingInfo" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-338393Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-338393Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-353694Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353694Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable SubscribedContent-353696Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353696Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable NumberOfSIUFInPeriod" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AcceptedPrivacyPolicy" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled TIPC" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable NumberOfSIUFInPeriod (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AcceptedPrivacyPolicy (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable Enabled TIPC (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable ShowCopilotButton" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="ShowCopilotButton" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable AutoOpenCopilotLargeScreens" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" value="AutoOpenCopilotLargeScreens" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable IsUserEligible BingChat" path="HKCU\Software\Microsoft\Windows\Shell\Copilot\BingChat" value="IsUserEligible" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable TurnOffWindowsCopilot" path="HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="REG_DWORD" data="1"/>
-        <registry-item name="Disable TaskbarDa" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable System.IsPinnedToNameSpaceTree CLSID" path="HKCU\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="REG_DWORD" data="0"/>
-        <registry-item name="Disable System.IsPinnedToNameSpaceTree Wow6432Node CLSID" path="HKCU\Software\Classes\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="REG_DWORD" data="0"/>
+        <registry-item name="Disable IsMSACloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsMSACloudSearchEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable IsAADCloudSearchEnabled" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SearchSettings" value="IsAADCloudSearchEnabled" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled AdvertisingInfo" path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-338393Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-338393Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-353694Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353694Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable SubscribedContent-353696Enabled" path="HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" value="SubscribedContent-353696Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable NumberOfSIUFInPeriod" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="DWord" data="0"/>
+        <registry-item name="Disable AcceptedPrivacyPolicy" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled TIPC" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable NumberOfSIUFInPeriod (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Siuf\Rules" value="NumberOfSIUFInPeriod" type="DWord" data="0"/>
+        <registry-item name="Disable AcceptedPrivacyPolicy (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Personalization\Settings" value="AcceptedPrivacyPolicy" type="DWord" data="0"/>
+        <registry-item name="Disable Enabled TIPC (Duplicate)" path="HKCU\SOFTWARE\Microsoft\Input\TIPC" value="Enabled" type="DWord" data="0"/>
+        <registry-item name="Disable ShowCopilotButton" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="ShowCopilotButton" type="DWord" data="0"/>
+        <registry-item name="Disable AutoOpenCopilotLargeScreens" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" value="AutoOpenCopilotLargeScreens" type="DWord" data="0"/>
+        <registry-item name="Disable IsUserEligible BingChat" path="HKCU\Software\Microsoft\Windows\Shell\Copilot\BingChat" value="IsUserEligible" type="DWord" data="0"/>
+        <registry-item name="Disable TurnOffWindowsCopilot" path="HKCU\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>
+        <registry-item name="Disable TaskbarDa" path="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="DWord" data="0"/>
+        <registry-item name="Disable System.IsPinnedToNameSpaceTree CLSID" path="HKCU\Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="DWord" data="0"/>
+        <registry-item name="Disable System.IsPinnedToNameSpaceTree Wow6432Node CLSID" path="HKCU\Software\Classes\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" value="System.IsPinnedToNameSpaceTree" type="DWord" data="0"/>
         <registry-item name="Disable TaskbarDa" path="HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" value="TaskbarDa" type="DWord" data="0"/>
         <registry-item name="Disable MicrosoftWindows.Client.WebExperience" path="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy" value="" type="String" data=""/>
         <registry-item name="Disable Windows Copilot (Machine)" path="HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot" value="TurnOffWindowsCopilot" type="DWord" data="1"/>