Commit

post: Cleanup
ElliotKillick committed Jun 12, 2023
1 parent 484e59f commit f914ecc
Showing 2 changed files with 5 additions and 6 deletions.
3 changes: 2 additions & 1 deletion post/spyless.bat
Expand Up @@ -22,6 +22,7 @@ rem Does disabling DiagTrack mitigate the information leaks in the above article
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

rem The DiagTrack service is used for sending Windows telemetry data to Microsoft
rem Space after "start=" is required on Windows 7
sc config DiagTrack start= disabled

rem This disables the bulk of the telemetry, at least for what is necessary in a VM, while providing zero impact on the user experience
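Review bot: `sc config DiagTrack start= disabled` only changes the start type, so a DiagTrack instance that is already running keeps running until the next reboot, and nothing in the visible lines stops it. Consider following it with `sc stop DiagTrack` so the service is down as soon as the script finishes, and say in the comment that both steps are needed.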
Expand All @@ -40,7 +41,7 @@ rem With all these methods combined, Windows telemetry is greatly diminished
rem This can be seen in Wireshark by the fact that Windows is not reaching out to Microsoft servers nearly as often as it did originally
rem This is at least once you've had Windows online for a while because it connects out a lot when it's first installed

rem Be aware that while this does a good job at disabling telemetry of Windows itself, this doesn't account for other Microsoft (e.g. Office 365) or third-party products
rem Be aware that while this does a good job at disabling telemetry for Windows itself, it doesn't account for other Microsoft (e.g. Office 365) or third-party products
rem More research is required here

rem Of course, the best option is to air gap Windows or refrain from using it
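Review bot: in the reworded caveat, "does a good job at disabling" reads better as "does a good job of disabling", and the "More research is required here" line that follows gives no pointer to where that research is tracked. Suggest fixing the preposition while this line is being touched and either linking an issue or naming the products still to be checked.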
8 changes: 3 additions & 5 deletions post/whonix.bat
Expand Up @@ -9,19 +9,17 @@ rem https://www.whonix.org/wiki/Other_Operating_Systems
rem https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamp

rem anon-vm tag is applied to this qube: https://www.whonix.org/wiki/Dev/Qubes#anon-vm_tag
rem Right now, this denies us access to the qubes.SetDate service: dom0:/etc/qubes-rpc/policy/qubes.SetDate
rem Right now, this denies us access to the qubes.SetDate service

echo Disabling Internet Time Syncing...
reg add "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters" /v Type /t REG_SZ /d NoSync /f

echo Skewing clock by +/- 0 to 180 seconds...
rem Switched from +/- 1 to 30 skew recommend in the Whonix "Other Operating Systems" documentation to +/- 0 to 180 skew due to: https://forums.whonix.org/t/bootclockrandomization-always-moving-clock-plus-or-5-seconds/2200
rem <nul is for a Windows 7 bug that causes PowerShell not to exit when used from CMD
powershell -Command Set-Date ((Get-Date).AddSeconds((Get-Random -InputObject (-180..180)))) <nul

rem Any clock skew is reset once the qube reboots so we must reapply the skew on every boot
rem Whonix does this for Whonix-Workstation with bootclockrandomization: https://github.com/Whonix/bootclockrandomization
schtasks /create /ru SYSTEM /sc onstart /tn "Skew Clock" /tr "powershell -Command Set-Date ((Get-Date).AddSeconds((Get-Random -InputObject (-180..180))))"
schtasks /run /tn "Skew Clock"

echo Disabling TCP timestamps...
netsh int tcp set global timestamps=disabled
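Review bot: `schtasks /run /tn "Skew Clock"` returns once the task has been started rather than when `Set-Date` finishes, and nothing after it checks the outcome, so the script moves on to "Disabling TCP timestamps..." without knowing the skew was applied. Suggest checking the task's last result (for example with `schtasks /query /tn "Skew Clock" /v`) or keeping a synchronous call for the first skew. Two smaller points in the same hunk: the `schtasks /create` line has no `/f`, so rerunning the script when the task already exists stops at an overwrite prompt, and the shortened qubes.SetDate comment drops the `dom0:/etc/qubes-rpc/policy/qubes.SetDate` path that told readers where the policy lives.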
Expand All @@ -38,4 +36,4 @@ rem Things to consider:
rem - Does Windows send out traffic before running the "Skew Clock" task (Should not let Windows access the Internet until skew is applied)
rem - There is no sdwdate equivalent for Windows
rem - https://www.whonix.org/wiki/Network_Time_Synchronization#Summary
rem - Potentially add host firewall rules like Whonix-Workstation does: https://github.com/Whonix/whonix-firewall/blob/master/usr/bin/whonix-host-firewall
rem - Potentially add host firewall rules like Whonix-Workstation does: https://github.com/Whonix/whonix-firewall/blob/master/usr/bin/whonix-host-firewall
