Last updated: March 15, 2026

Disable Windows Activity History through Settings (Privacy & security → Activity history: uncheck “Store my activity history on this device” and “Send my activity history to Microsoft”), which stops it from recording app launches, file access, browser history from Edge, and voice commands. For Pro/Enterprise editions, use Group Policy (gpldit.msc) to navigate to Computer Configuration → Administrative Templates → System → OS Policies and set “Allow activity history” to Disabled. Activity History feeds data to Timeline for resuming work across devices, but also creates a persistent log of sensitive activities like code files accessed, passwords potentially visible in window titles, and voice commands, disabling it eliminates this tracking vector for developers handling sensitive code or security researchers.

Table of Contents

What is Windows Activity History

Windows Activity History collects a timeline of your computing activities, storing data about apps used, files opened, websites visited, and even voice commands issued. This information syncs across your Microsoft account devices and serves as the backbone for features like Timeline, which allows you to resume activities on other devices.

The feature automatically captures:

While Microsoft positions Activity History as a productivity enhancement, the continuous recording of user behavior raises legitimate privacy concerns, particularly for developers handling sensitive code or security researchers analyzing vulnerable systems.

Prerequisites

Before you begin, make sure you have the following ready:

Step 1 - Method 1: Disabling Through Windows Settings

The most straightforward approach uses the native Settings application. Press Win + I to open Settings, then navigate to Privacy & security → Activity history. On this page, uncheck both “Store my activity history on this device” and “Send my activity history to Microsoft.”

Below these options, you will find a list of connected accounts. Remove any Microsoft accounts you do not want syncing activity data by clicking the account and selecting “Remove.” For users with local accounts only, this step may not appear, but verifying the toggle states remains important.

After disabling these options, scroll down to the “Show activities from these accounts” section and ensure no accounts remain connected. This prevents residual sync operations even after local collection stops.

Method 2 - Group Policy Configuration (Windows 10 Pro / 11 Pro / Enterprise)

For enterprise environments or users seeking programmatic control, Group Policy provides management capabilities. Press Win + R, type gpedit.msc, and press Enter to launch the Local Group Policy Editor.

Navigate through the following path:

Computer Configuration → Administrative Templates → System → OS Policies

Locate the policy named “Enable Activity Feed” and set it to Disabled. This single policy change prevents Windows from collecting and displaying activity history across the system.

For additional control, navigate to:

Computer Configuration → Administrative Templates → Windows Components → Cloud Content

Enable the policy “Turn off the cloud optimized experience” (sometimes labeled “Turn off all Cloud Tailored Experiences”). This prevents Microsoft from using your activity data to provide personalized recommendations and content.

Group Policy modifications take effect after running gpupdate /force from an elevated Command Prompt or PowerShell session. Rebooting ensures complete policy application.

Step 2 - Method 3: Registry Modifications (All Windows Editions)

Windows Home users lacking Group Policy access can achieve equivalent results through direct Registry edits. This method requires creating a backup before proceeding, as incorrect modifications can affect system stability.

Open Registry Editor by pressing Win + R, typing regedit, and pressing Enter. Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

If the key does not exist, create it by right-clicking “Windows” and selecting New → Key. Within the System key, create a new DWORD value named PublishUserActivities and set its value to 0.

For blocking, also navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInfo

Set the value Value to Deny instead of Allow.

Alternatively, you can apply these changes programmatically using PowerShell. The following script creates the necessary registry entries:

Disable Activity History via Registry
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System"
if (-not (Test-Path $registryPath)) {
 New-Item -Path $registryPath -Force | Out-Null
}
Set-ItemProperty -Path $registryPath -Name "PublishUserActivities" -Value 0 -Type DWord
Write-Host "Activity History disabled via Registry"

Save this script as disable-activity-history.ps1 and execute with administrator privileges. The -Type DWord parameter ensures proper registry value creation.

Step 3 - Method 4: PowerShell Automation Script

For developers managing multiple workstations or seeking repeatable deployment methods, a PowerShell script provides the most flexible solution. The following example combines multiple privacy settings:

Thorough Activity History Disabler
param(
 [switch]$Force
)

function Disable-ActivityHistory {
 Write-Host "Disabling Windows Activity History..." -ForegroundColor Yellow

 # Registry-based disable
 $regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System"
 if (-not (Test-Path $regPath)) {
 New-Item -Path $regPath -Force | Out-Null
 }
 Set-ItemProperty -Path $regPath -Name "PublishUserActivities" -Value 0 -Type DWord

 # Disable cloud sync
 $cloudPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
 if (-not (Test-Path $cloudPath)) {
 New-Item -Path $cloudPath -Force | Out-Null
 }
 Set-ItemProperty -Path $cloudPath -Name "DisableWindowsConsumerFeatures" -Value 1 -Type DWord

 # Clear existing activity history
 $activityPath = "$env:APPDATA\Microsoft\Windows\Activity"
 if (Test-Path $activityPath) {
 Get-ChildItem -Path $activityPath -Recurse | Remove-Item -Force -Recurse
 Write-Host "Cleared local activity cache"
 }

 Write-Host "Activity History successfully disabled" -ForegroundColor Green
}

Run with elevation check
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
 Write-Host "Administrator privileges required. Re-run as Administrator." -ForegroundColor Red
 exit 1
}

Disable-ActivityHistory

This script disables collection, prevents cloud sync, and clears existing cached data. Run it from an elevated PowerShell session with .\disable-activity-history.ps1.

Step 4 - Verify Your Configuration

After applying any method, verify that Activity History is properly disabled. Open Settings → Privacy & security → Activity history and confirm:

  1. The toggle “Store my activity history on this device” is off
  2. No accounts appear under “Show activities from these accounts”
  3. The activity timeline appears empty when accessed via Win + Tab

For programmatic verification, query the registry:

Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "PublishUserActivities"

A value of 0 confirms successful configuration.

Step 5 - Understand the Tradeoffs

Disabling Activity History affects certain Microsoft features. Timeline, which allows resuming browser sessions and documents across devices, requires Activity History to function. Third-party applications integrating with Windows Timeline may also lose functionality. Additionally, some Windows Spotlight features depend on activity data for personalization.

For developers, the privacy gains typically outweigh these losses. Code repositories, documentation, and development tools contain sensitive information that should not reside in Microsoft’s cloud infrastructure. Security researchers and penetration testers particularly benefit from disabling this tracking, as accidental exposure of sensitive testing activities could compromise assessments.

Regularly audit your privacy settings, as Windows updates sometimes reset these configurations. Maintaining a deployment script ensures consistent privacy posture across system updates and fresh installations.

Advanced Persistence and Forensic Techniques

For developers requiring forensic-level assurance, verify that Activity History has been wiped at the database level, not just disabled at the UI layer.

Windows stores Activity History data in a Windows.db database located at %APPDATA%\Microsoft\Windows\Activities\Cache. This SQLite database persists even when the UI toggle is disabled, creating a potential recovery vector for forensic tools.

Forensically wipe the Activity History database
$activityPath = "$env:APPDATA\Microsoft\Windows\Activities\Cache"

Verify database exists
if (Test-Path "$activityPath\windows.db") {
    # Close all handles to the database
    Get-Process | Where-Object {$_.ProcessName -eq "svchost"} | Stop-Process -Force -ErrorAction SilentlyContinue

    # Overwrite with random data (DOD 5220.22-M pattern)
    $file = Get-Item "$activityPath\windows.db"
    $fileStream = [System.IO.File]::Open($file.FullName, 'Open', 'ReadWrite')
    $random = New-Object System.Random
    $buffer = New-Object byte[] 1MB
    while ($fileStream.Position -lt $fileStream.Length) {
        $random.NextBytes($buffer)
        $fileStream.Write($buffer, 0, $buffer.Length)
    }
    $fileStream.Close()

    Write-Host "Activity History database securely wiped"
}

Additional databases containing activity traces exist in:

A cleanup involves removing all these locations. For maximum assurance, use a full-disk wiper after disabling Activity History, as deleted files may remain recoverable through unallocated space analysis.

Step 6 - Monitor and Verification at the System Level

Implement continuous monitoring to detect unauthorized Activity History re-enablement by malware or updates:

Continuous Activity History monitoring script
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System"
$activityPath = "$env:APPDATA\Microsoft\Windows\Activities\Cache"
$logPath = "C:\Logs\ActivityHistoryMonitor.log"

function Monitor-ActivityHistory {
    while ($true) {
        $publishUserActivities = (Get-ItemProperty -Path $regPath -Name "PublishUserActivities" -ErrorAction SilentlyContinue).PublishUserActivities

        if ($publishUserActivities -ne 0) {
            Add-Content -Path $logPath -Value "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - ALERT: Activity History was re-enabled"
            Set-ItemProperty -Path $regPath -Name "PublishUserActivities" -Value 0
        }

        # Check for Activity History database writes
        $activity = Get-ChildItem -Path $activityPath -Recurse | Where-Object {$_.LastWriteTime -gt (Get-Date).AddMinutes(-5)}
        if ($activity) {
            Add-Content -Path $logPath -Value "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') - ALERT: Activity History database was modified"
        }

        Start-Sleep -Seconds 300
    }
}

Monitor-ActivityHistory

Run this as a scheduled task at system startup to maintain persistent monitoring.

Step 7 - Group Policy Auditing

For IT administrators managing multiple systems, audit which systems have Activity History disabled through Group Policy:

Audit script for multiple systems
$computers = @("WORKSTATION1", "WORKSTATION2", "WORKSTATION3")
$results = @()

foreach ($computer in $computers) {
    try {
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
        $key = $reg.OpenSubKey('SOFTWARE\Policies\Microsoft\Windows\System')
        $value = $key.GetValue('PublishUserActivities')

        $results += [PSCustomObject]@{
            Computer = $computer
            ActivityHistoryDisabled = ($value -eq 0)
            RegistryValue = $value
            Status = if ($value -eq 0) { "Compliant" } else { "Non-Compliant" }
        }
    } catch {
        $results += [PSCustomObject]@{
            Computer = $computer
            Status = "Error: $_"
        }
    }
}

$results | Export-Csv -Path "ActivityHistoryAudit.csv" -NoTypeInformation

Troubleshooting

Configuration changes not taking effect

Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.

Permission denied errors

Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.

Connection or network-related failures

Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.

Frequently Asked Questions

How long does it take to complete this setup?

For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.

What are the most common mistakes to avoid?

The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.

Do I need prior experience to follow this guide?

Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.

Is this approach secure enough for production?

The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.

Where can I get help if I run into issues?

Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.

Related Articles

Built by theluckystrike. More at zovo.one