SERVtomaste/Solidworks Licenses/PRIVACY-LOCKDOWN-README.md

# SolidWorks Privacy Lockdown

**Author:** Atomaste Solution
**Purpose:** Block telemetry while preserving license transfer functionality

## Overview

This solution blocks all telemetry, analytics, and unnecessary communications from SolidWorks to Dassault Systèmes servers while preserving the ability to:
- Activate licenses
- Deactivate licenses
- Transfer licenses between machines

## Quick Start

### Preview Changes (Dry Run - RECOMMENDED FIRST)

```powershell
# Open PowerShell as Administrator, then run:
cd "C:\Users\antoi\SERVtomaste\Solidworks Licenses\scripts"
.\00-install-privacy-lockdown.ps1 -DryRun
```

This shows exactly what would be changed **without modifying anything**. A report is generated.

### Install (Apply All Protections)

```powershell
.\00-install-privacy-lockdown.ps1
```

### Uninstall (Remove All Protections)

```powershell
.\00-install-privacy-lockdown.ps1 -Undo
```

### Verify Status

```powershell
.\05-verify-lockdown.ps1 -Detailed
```

## Reports

Every run generates a detailed report in `scripts/reports/`:

```
scripts/reports/
  └── lockdown-report_2024-01-15_14-30-00.txt
```

### Report Contents

- **System State Before**: What was present before any changes
- **Changes Made**: Every modification with before/after values
- **Summary**: Count of changes by category (hosts, services, firewall, registry)

### Example Report Output

```
================================================================================
  SOLIDWORKS PRIVACY LOCKDOWN REPORT
  Generated: 2024-01-15 14:30:00
  Computer: WORKSTATION-01
  User: Antoine
  Mode: INSTALL
================================================================================

SYSTEM STATE BEFORE CHANGES
  [BEFORE] Hosts file: No SolidWorks block found
  [BEFORE] Services: No SolidWorks services found
  [BEFORE] Firewall: No SolidWorks Privacy rules found

HOSTS FILE MODIFICATIONS
  [CHANGE] BLOCKED: telemetry.solidworks.com -> 127.0.0.1
  [CHANGE] BLOCKED: analytics.3ds.com -> 127.0.0.1
  ...

CHANGES SUMMARY
  HOSTS FILE CHANGES (18)
  SERVICES CHANGES (0)
  FIREWALL CHANGES (0)
  REGISTRY CHANGES (0)
  TOTAL CHANGES: 18
================================================================================
```

## What Gets Blocked

### Domains (via hosts file)

| Domain | Purpose | Status |
|--------|---------|--------|
| telemetry.solidworks.com | Telemetry | BLOCKED |
| analytics.3ds.com | Analytics | BLOCKED |
| collect.3ds.com | Data collection | BLOCKED |
| update.solidworks.com | Auto-updates | BLOCKED |
| api.3ds.com | 3DEXPERIENCE API | BLOCKED |
| swym.3ds.com | Social/community | BLOCKED |
| sentry.io | Error tracking | BLOCKED |
| o136956.ingest.sentry.io | Error tracking | BLOCKED |

### Services Disabled

- SOLIDWORKS Update Publisher Service
- SolidWorks Background Downloader
- Any 3DEXPERIENCE background services

### Firewall Rules

- Block outbound for: Update executables, Task schedulers, Downloaders
- Allow outbound for: SLDWORKS.exe (main app), License wizard

### Registry Settings

- Customer Experience Improvement Program: Disabled
- Auto Check for Updates: Disabled
- Send Usage Statistics: Disabled
- 3DEXPERIENCE Integration: Disabled
- Background Downloader: Disabled

## What Remains Accessible (Licensing)

| Domain | Purpose | Status |
|--------|---------|--------|
| activation.solidworks.com | License activation | ALLOWED |
| license.solidworks.com | License server | ALLOWED |
| licensing.solidworks.com | License management | ALLOWED |

## Scripts Reference

| Script | Purpose |
|--------|---------|
| `00-install-privacy-lockdown.ps1` | Master installer (runs all scripts) |
| `01-block-telemetry-hosts.ps1` | Modifies hosts file |
| `02-disable-services.ps1` | Disables Windows services |
| `03-configure-firewall.ps1` | Creates firewall rules |
| `04-disable-telemetry-registry.ps1` | Modifies registry settings |
| `05-verify-lockdown.ps1` | Verifies lockdown status |

## Individual Script Usage

Each script supports:
- `-Undo` : Reverse the changes
- `-ListOnly` : Preview changes without applying (where applicable)

### Examples

```powershell
# Preview what hosts file changes would be made
.\01-block-telemetry-hosts.ps1 -Undo  # to remove
.\01-block-telemetry-hosts.ps1        # to apply

# List services without modifying
.\02-disable-services.ps1 -ListOnly

# Preview firewall rules
.\03-configure-firewall.ps1 -ListOnly

# Check current registry settings
.\04-disable-telemetry-registry.ps1 -ListOnly
```

## Troubleshooting

### License Activation Fails

1. Verify licensing domains are accessible:
   ```powershell
   nslookup activation.solidworks.com
   nslookup license.solidworks.com
   ```

2. Temporarily remove hosts file block:
   ```powershell
   .\01-block-telemetry-hosts.ps1 -Undo
   ```

3. Complete license operation, then re-apply:
   ```powershell
   .\01-block-telemetry-hosts.ps1
   ```

### SolidWorks Won't Launch

1. Run verification:
   ```powershell
   .\05-verify-lockdown.ps1 -Detailed
   ```

2. Check if any critical service was disabled:
   ```powershell
   .\02-disable-services.ps1 -ListOnly
   ```

3. Restore all settings:
   ```powershell
   .\00-install-privacy-lockdown.ps1 -Undo
   ```

### Re-run After First SolidWorks Launch

Some registry settings only appear after SolidWorks runs for the first time. After initial launch:

```powershell
.\04-disable-telemetry-registry.ps1
```

## Backup Locations

| Component | Backup Location |
|-----------|-----------------|
| Hosts file | `C:\Windows\System32\drivers\etc\hosts.backup.solidworks` |
| Services | `%USERPROFILE%\solidworks-services-backup.json` |
| Registry | `%USERPROFILE%\solidworks-registry-backup.reg` |

## Reverting Changes

### Complete Removal

```powershell
.\00-install-privacy-lockdown.ps1 -Undo
```

### Individual Components

```powershell
.\01-block-telemetry-hosts.ps1 -Undo   # Remove hosts entries
.\02-disable-services.ps1 -Undo         # Restore services
.\03-configure-firewall.ps1 -Undo       # Remove firewall rules
.\04-disable-telemetry-registry.ps1 -Undo # Restore registry
```

## Testing License Transfer

After applying the lockdown, verify license operations work:

1. **In SolidWorks:** Help > Transfer License > Deactivate
2. Wait for confirmation
3. Help > Transfer License > Activate on new machine

If this fails, the hosts file may be blocking a required domain. Check verification script output.

## Installation Log - ANTOINETHINKPAD

**Date:** 2025-12-23 20:18:01
**Computer:** ANTOINETHINKPAD
**SolidWorks Version:** SOLIDWORKS 2026

### Changes Applied (22 total)

#### Hosts File (18 domains blocked)
```
127.0.0.1 api.3ds.com
127.0.0.1 www.3ds.com
127.0.0.1 swym.3ds.com
127.0.0.1 iam.3ds.com
127.0.0.1 cas.3ds.com
127.0.0.1 eu1-ds-iam.3dexperience.3ds.com
127.0.0.1 eu1-ds.3dexperience.3ds.com
127.0.0.1 update.solidworks.com
127.0.0.1 www.solidworks.com
127.0.0.1 sentry.io
127.0.0.1 o136956.ingest.sentry.io
127.0.0.1 telemetry.solidworks.com
127.0.0.1 analytics.3ds.com
127.0.0.1 collect.3ds.com
127.0.0.1 ifwe.3ds.com
127.0.0.1 eu1-ifwe.3dexperience.3ds.com
127.0.0.1 passport.3ds.com
127.0.0.1 3dswym.3ds.com
```

#### Services
- **SolidWorks Licensing Service** - Preserved (Manual startup) - required for licensing

#### Registry (4 settings disabled)
- CEIP (Customer Experience Improvement Program) → 0
- Auto Check for Updates → 0
- Analytics → 0
- Telemetry → 0

#### Backups Created
- Hosts file: `C:\Windows\System32\drivers\etc\hosts.backup.solidworks.2025-12-23_20-18-01`
- Services: `C:\Users\antoi\solidworks-services-backup.json`

#### Full Report
See: `scripts/reports/lockdown-report_2025-12-23_20-18-01.txt`

## Notes

- All changes persist across reboots
- No third-party software required
- Uses only native Windows features (hosts, services, firewall, registry)
- Administrator privileges required for all operations
- Changes are fully reversible