SERVtomaste/Solidworks Licenses/solidworks-privacy-lockdown.md

# SolidWorks Privacy Lockdown - Block Telemetry, Preserve Licensing

## Context

I own a perpetual SolidWorks license (~$20K CAD) from Dassault Systèmes. I use it for proprietary engineering work through my consulting company (Atomaste Solution), including development of my Atomizer optimization framework.

I want to block all telemetry, analytics, and unnecessary communications with Dassault servers while preserving the ability to transfer my license between my workstation (ThinkPad P16) and laptop as needed.

## Objective

Implement "Option 2" - block all telemetry/tracking permanently, but allow licensing servers so license activation/deactivation works seamlessly.

## System Information

- OS: Windows 11 Pro
- SolidWorks installation path: `C:\Program Files\SOLIDWORKS Corp\` (verify actual path)
- User has admin access
- Perpetual license (not subscription)

## Tasks

### 1. Identify All SolidWorks Executables

Find all executables in the SolidWorks installation that might phone home:
- Main application (SLDWORKS.exe)
- Update services
- Background schedulers
- Any 3DEXPERIENCE components

### 2. Update Hosts File

Add blocking rules to `C:\Windows\System32\drivers\etc\hosts` for telemetry domains while explicitly preserving licensing domains.

**Block these (telemetry/analytics):**
```
127.0.0.1 api.3ds.com
127.0.0.1 www.3ds.com
127.0.0.1 swym.3ds.com
127.0.0.1 iam.3ds.com
127.0.0.1 cas.3ds.com
127.0.0.1 eu1-ds-iam.3dexperience.3ds.com
127.0.0.1 eu1-ds.3dexperience.3ds.com
127.0.0.1 update.solidworks.com
127.0.0.1 www.solidworks.com
127.0.0.1 sentry.io
127.0.0.1 o136956.ingest.sentry.io
127.0.0.1 telemetry.solidworks.com
127.0.0.1 analytics.3ds.com
127.0.0.1 collect.3ds.com
```

**DO NOT block these (licensing):**
```
# activation.solidworks.com - REQUIRED for license transfer
# license.solidworks.com - REQUIRED for license transfer  
# licensing.solidworks.com - REQUIRED for license transfer
```

### 3. Disable Update Services

Disable these Windows services if they exist:
- SOLIDWORKS Update Publisher Service
- Any other SW background services that aren't needed for core functionality

```powershell
Get-Service -DisplayName "*SOLIDWORKS*" | Format-Table Name, DisplayName, Status, StartType
```

Then disable non-essential ones.

### 4. Configure Firewall Rules

Create firewall rules that:
- Block outbound connections for update/telemetry executables
- Allow SLDWORKS.exe to reach licensing servers only (if possible with Windows Firewall)

If granular domain blocking per-exe isn't possible with Windows Firewall, the hosts file blocking is sufficient - just document this.

### 5. Disable In-App Telemetry

Document the registry keys or provide instructions for disabling:
- Anonymous usage data collection
- Automatic update checks
- 3DEXPERIENCE connection prompts

Registry locations to check:
```
HKEY_CURRENT_USER\Software\SolidWorks\
HKEY_LOCAL_MACHINE\SOFTWARE\SolidWorks\
```

Look for keys related to:
- Analytics
- Telemetry
- Updates
- CustomerExperience

### 6. Create Verification Script

Create a PowerShell script that verifies the lockdown is in place:
- Check hosts file entries exist
- Check services are disabled
- Check firewall rules are active
- Test that licensing domains are still reachable

### 7. Create Documentation

Provide a summary document with:
- What was blocked and why
- What was preserved and why
- How to temporarily disable blocking if needed (e.g., for troubleshooting)
- How to verify license transfer still works

## Success Criteria

1. SolidWorks launches and runs normally
2. No connections to telemetry/analytics endpoints
3. License activation/deactivation works
4. Solution persists across reboots
5. Clear documentation for future reference

## Notes

- Take a backup of hosts file before modifying
- Document original service states before disabling
- All changes should be reversible
- Test license deactivation/reactivation after implementation to confirm it works