Note: This script is a part of Rigutils toolset. GitHub: ConfigureFirewall.bat

Prerequisites

  1. Complete Disable UAC step

General info

Detailed information on firewall setup, as well as a GUI-oriented tutorial, can be found here.


Instruction

STEP 1. Launch command prompt via cmd_rigutils.bat

STEP 2. Run ConfigureFirewall.bat

1. Type ConfigureFirewall.bat (case of letters doesn't matter)

2. Press Enter

You may start typing Conf and then press the Tab key to speed up command entry. cmd.exe searches the current directory for names starting with Conf and expands the text to the full name automatically.

ConfigureFirewall.bat



3. You don't have to do anything until the script begins to ask you questions (see STEP 3 below). Here is a step-by-step walkthrough of the actions this script performs:


3.1. Saving current state of firewall into a backup file

set "BackupDir=%~dp0firewall.bak"
if not exist "%BackupDir%" (
    echo == Creating backup directory ==
    echo %BackupDir%
    mkdir "%BackupDir%" || goto :exitWithError
)
 
if not exist "%BackupDir%\firewall.wfw" (
    echo == Saving current firewall configuration ==
    echo file: %BackupDir%\firewall.wfw
    netsh advfirewall export "%BackupDir%\firewall.wfw" || goto :exitWithError
)

Output:

== Creating backup directory ==
C:\bin\rigutils\windows_tuning\firewall.bak
 
== Saving current firewall configuration ==
file: C:\bin\rigutils\windows_tuning\firewall.bak\firewall.wfw
Ok.
 
For restoring of your original firewall configuration use the command:
  netsh advfirewall import C:\bin\rigutils\windows_tuning\firewall.bak\firewall.wfw
or the following command if you want to restore default Windows settings:
  netsh advfirewall reset

3.2. Disabling ALL non BLOCKING inbound rules

This one-liner PowerShell script collects all enabled inbound rules that allow connections (Direction 1 = inbound, Action 0 = block, so -ne 0 selects the permissive ones) into $rules, disables them one by one and prints how many were disabled:

powershell -Command "& { $fw=New-Object -ComObject HNetCfg.FwPolicy2; $rules=@($fw.Rules | Where-Object { $_.Direction -eq 1 -and $_.Enabled -eq $true -and $_.Action -ne 0 }); $rules | ForEach-Object { echo $_.Name; $_.Enabled=$false }; $rc=$rules.Count; echo ' ' \"$rc firewall rules were disabled\" }" || goto :exitWithError

Output:

== Disabling ALL PERMISSIVE inbound rules ==
<A lengthy list of disabled rules goes here>

201 firewall rules were disabled

For restoring of your original firewall configuration use the command:
  netsh advfirewall import C:\bin\rigutils\windows_tuning\firewall.bak\firewall.wfw
or the following command if you want to restore default Windows settings:
  netsh advfirewall reset

3.3. Disabling IPv6

Detailed information on enabling and disabling IPv6 can be found here at support.microsoft.com.

set "RegPath=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters"
set "RegValue=255"
 
echo RegPath: %RegPath%
echo RegValue: %RegValue%
 
reg.exe ADD %RegPath% /v DisabledComponents /t REG_DWORD /d %RegValue% /f || goto :exitWithError

Output:

== Disabling IPv6 ==
RegPath: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
RegValue: 255
The operation completed successfully.

3.4. Activating the restrictive firewall policy

Read this nice blog post on working with firewall from CLI.

echo == Configuring firewall policy ==
echo deny ALL INCOMING connections with NO MATCHING rules and allow ALL OUTGOING connections
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound || goto :exitWithError
 
echo To re-enable ALL INCOMING connections by default run the following command: 
echo   netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound

Output:

== Configuring firewall policy ==
deny ALL INCOMING connections with NO MATCHING rules and allow ALL OUTGOING connections
Ok.

To re-enable ALL INCOMING connections by default run the following command:
  netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
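Steps 3.1, 3.2 and 3.4 above are one procedure: back up, disable permissive inbound rules, then switch the default policy to block-inbound. The PowerShell script below is an added example, not part of Rigutils or ConfigureFirewall.bat; it redoes those three steps with the NetSecurity cmdlets (Get-NetFirewallRule, Disable-NetFirewallRule, Set-NetFirewallProfile) instead of the HNetCfg.FwPolicy2 COM object, adds a -DryRun switch that only lists what would change, refuses to touch any rule unless the backup file was actually written, and verifies the end state. It assumes an elevated PowerShell 5.1 (or newer) session on Windows 8 / Server 2012 or later, where that module exists; the $BackupDir default, the script name and the SHA256 bookkeeping are assumptions of this example.

```powershell
# Harden-InboundFirewall.ps1 (assumed name) -- added example, not Rigutils code.
# Reproduces steps 3.1, 3.2 and 3.4 of ConfigureFirewall.bat with the NetSecurity module.
# Requires an elevated session; run with -DryRun first to see what would be disabled.
param(
    # Assumed default: firewall.bak next to this script, like ConfigureFirewall.bat uses.
    [string]$BackupDir = (Join-Path $PSScriptRoot 'firewall.bak'),
    [switch]$DryRun
)
$ErrorActionPreference = 'Stop'

# --- 3.1 Back up the complete firewall state before anything is changed ---
$backupFile = Join-Path $BackupDir 'firewall.wfw'
if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}
if (-not (Test-Path $backupFile)) {
    netsh advfirewall export "$backupFile" | Out-Null
    # Do not proceed to destructive steps on the strength of an empty or missing export.
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backupFile) -or (Get-Item $backupFile).Length -eq 0) {
        throw "Firewall export to $backupFile failed; aborting before any rule is changed."
    }
}
# Record a hash so the file used by a later 'netsh advfirewall import' can be checked.
$hash = (Get-FileHash -Algorithm SHA256 -Path $backupFile).Hash
Write-Output "Backup: $backupFile (SHA256 $hash)"

# --- 3.2 Enumerate enabled inbound rules whose action is Allow ---
# Same selection as the COM one-liner: inbound, enabled, action not Block.
$permissive = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow)
Write-Output "== Inbound allow rules currently enabled: $($permissive.Count) =="
$listing = $permissive | Sort-Object DisplayName |
    Format-Table -AutoSize DisplayName, Profile, DisplayGroup | Out-String
Write-Output $listing.TrimEnd()

if ($DryRun) {
    Write-Output 'Dry run: no rules disabled, default policy unchanged.'
    return
}

$permissive | Disable-NetFirewallRule
Write-Output "$($permissive.Count) firewall rules were disabled"

# --- 3.4 Default policy: block inbound with no matching rule, allow outbound ---
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# --- Post-check: the state the script promised must actually be in effect ---
$notBlocking = @(Get-NetFirewallProfile | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block'
})
$stillOpen = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow)
if ($notBlocking.Count -gt 0 -or $stillOpen.Count -gt 0) {
    throw ("Post-check failed: {0} profile(s) not blocking inbound, " +
           "{1} inbound allow rule(s) still enabled." -f $notBlocking.Count, $stillOpen.Count)
}
Write-Output 'Post-check passed: every profile is enabled and blocks unsolicited inbound traffic.'
Write-Output "Restore the previous state with: netsh advfirewall import `"$backupFile`""
```

Run it once with -DryRun and read the listing: it contains every inbound allow rule the full run will switch off, including any rule that a Remote Desktop or WinRM session to the machine depends on, so the real run belongs in a console session. The post-check exists because the netsh calls in the batch script only report their own exit codes; re-reading the profiles and rules afterwards is what confirms the policy is actually in force.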

STEP 3. Allow selected inbound connections

If you see the message Some error occurred! then analyze the script output and fix the problem yourself before running the script again.

See also: Shut up Telemetry.bat (GitHub: ShutupTelemetry.bat)
