Manage Privacy: Windows Error Reporting and Resulting Internet Communication
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
In this section
Benefits and purposes of Windows Error Reporting and the Problem Reports and Solutions feature
How Windows Error Reporting communicates with an Internet site
Controlling Windows Error Reporting to prevent the flow of information to and from the Internet
Procedures to configure Windows Error Reporting
This section explains how Windows Error Reporting and the Problem Reports and Solutions feature communicate across the Internet, and it explains steps to limit, control, or prevent that communication in an organization with many users.
Note
The Problem Reports and Solutions feature in Action Center is an interface that displays information from Windows Error Reporting. It communicates with the Internet only through Windows Error Reporting.
Benefits and purposes of Windows Error Reporting and the Problem Reports and Solutions feature
Windows Error Reporting and the Problem Reports and Solutions feature work together to make it easy to find online solutions for computer issues:
Windows Error Reporting: Windows Error Reporting is a feature that allows Microsoft to track and address errors that relate to the operating system, Windows features, and applications. Windows Error Reporting gives administrators the opportunity to send data about errors to Microsoft and to receive information about solutions.
Solution information can include instructions for working around an issue, or a link to the Windows Update website or another website for updated drivers, patches, or Microsoft Knowledge Base articles. Microsoft developers can use Windows Error Reporting as a problem-solving tool to address customer issues in a timely manner and to improve the quality of Microsoft products.
Problem Reports and Solutions: The Problem Reports and Solutions feature in Action Center helps you track problem reports and solution information that you have received from Microsoft. Action Center helps you store the solution information, which is displayed by using a web browser. However, all Internet communication that is related to the problem reports and solutions is handled by Windows Error Reporting.
Consent levels in Windows Error Reporting
Windows Error Reporting has the following consent levels to help you control how Windows Error Reporting prompts you before sending data:
Automatically check for solutions. Windows Error Reporting sends the minimum data that is required to check for an existing solution, for example, the application name and version, module name and version, and exception code. After sending this data, Windows Error Reporting prompts you for consent before sending any additional data that is needed to solve the issue.
Automatically check for solutions and send additional report data, if needed. Windows Error Reporting automatically checks for solutions and sends additional information that is needed to solve the issue (typically, the user is not prompted).
Each time a problem occurs, ask me before checking for solutions. Windows Error Reporting always prompts for consent before sending an error report.
Never check for solutions (not recommended). This setting disables Windows Error Reporting.
Send all data (Group Policy setting only). This setting can only be configured through Group Policy, not through the Initial Configuration Tasks interface, Server Manager, or Control Panel. Any data that is requested by Microsoft is sent without prompting the user.
Options for controlling Windows Error Reporting
If a prompt appears for someone who is signed in as an administrator, the person can choose to report application and operating system errors. If a prompt appears for someone who is not signed in as an administrator, the person can choose to report application errors plus errors for operating system software that does not require administrative credentials to run.
Error reporting can be controlled through the Initial Configuration Tasks interface or Server Manager, as outlined in Consent levels in Windows Error Reporting earlier in this section.
Overview: Using Windows Error Reporting and the Problem Reports and Solutions feature in a managed environment
In a managed environment, you can choose to disable Windows Error Reporting or control it as follows:
You can use Group Policy or an answer file for an unattended installation to control the consent level (described earlier) to determine the amount of prompting that users or administrators see before information about a software issue is sent to Microsoft. For example, you can set the consent level so the person using the computer is always prompted before information is sent.
You can use Group Policy to disable Windows Error Reporting.
For more information about Microsoft software that is designed for use with the Group Policy setting, Configure Corporate Windows Error Reporting, see System Center 2012 Configuration Manager on the Microsoft website.
For more information about the underlying functionality that redirects error reports to a server on your intranet, see WER Settings on the MSDN website.
For more information about the answer-file entries or Group Policy settings that are described in this subsection, see Controlling Windows Error Reporting to prevent the flow of information to and from the Internet later in this section.
How Windows Error Reporting communicates with an Internet site
The data that Microsoft collects through Windows Error Reporting is used strictly for the purpose of tracking and solving issues that users and administrators are experiencing. This subsection describes various aspects of the data that is sent to and from the Internet during error reporting, and how the exchange of information takes place. The next subsection provides additional details.
Specific information sent or received: In most cases, the information that is collected for an error report only includes software parameters, which include such information as the application name and version, module name and version, and exception code. In unusual cases, a more complete crash report might be collected. Rarely, some information that is unique to the person who is using the computer might be collected unintentionally. This information, if present, is not used to identify the person.
Microsoft may send solution information about an issue to the user or administrator, including links to websites.
Default settings: By default, error reporting is enabled. However, additional configuration steps are needed to configure error reporting, and no reports are sent unless these steps are completed.
When a computer is started for the first time, the Initial Configuration Tasks interface appears, which displays a variety of tasks including Enable automatic updating and feedback. In this task, you can choose to enable a default level of automatic updating and feedback (which includes error reporting), or you can manually configure settings. For details about consent levels, see Consent levels in Windows Error Reporting earlier in this section.
Triggers: The opportunity to send an error report is triggered by application or system errors.
User notification: User notification depends on the consent level. See Consent levels in Windows Error Reporting earlier in this section.
Windows provides reminders (in the form of pop-up notifications) to check for solutions to reports that have not been sent, for example, reports that were generated in the background or while you were offline.
Logging: Descriptions of system and application errors are recorded in the event log. In addition, the Problem Reports and Solutions feature records information about problem reports sent and solution information received on that computer, so that the user or administrator can investigate solutions later. (New solutions might overwrite old solutions if the number of stored solutions exceeds the allowed maximum.)
Encryption: All report data that could include personal information is encrypted during transmission by using HTTPS (that is, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) with HTTP). The software parameters information, which includes such information as the application name and version, module name and version, and exception code, is also encrypted.
Access: Microsoft employees and contingent staff may access the error reports to maintain Windows Error Reporting or to improve Microsoft products. They may not use the reports for other purposes.
If the error report indicates that one or more non-Microsoft products were involved in causing the issue, Microsoft may send the report to the respective companies if the companies agree to abide by the terms of the privacy statement. Software or hardware developers (employed by Microsoft or one of its partners) may analyze the fault data and try to identify and correct the problem.
Privacy: For more information, see the Windows 8 and Windows Server 2012 Privacy Statement or the Windows 8.1 and Windows Server 2012 R2 privacy statement.
Details that are related to privacy of data are presented in Types of data collected later in this section.
Transmission protocol and port: The transmission protocol is MS_SQMCS2. For more information, see [MS-SQMCS2]: Software Quality Metrics (SQM) Client-to-Service Version 2 Protocol Specification.
Ability to disable: The feature can be disabled through Group Policy or on an individual computer. You can also control the feature as described in Overview: Using Windows Error Reporting and the Problem Reports and Solutions feature in a managed environment earlier in this section, and Controlling Windows Error Reporting to prevent the flow of information to and from the Internet later in this section.
Types of data collected
This section provides an overview of the data that Windows Error Reporting collects and information about data that might be collected from four sources:
Application errors
Handwriting recognition errors
Japanese Input Method Editor errors
Windows kernel failures
Overview of the data that Windows Error Reporting collects
Windows Error Reporting collects information about the computer configuration, what the software was doing when the problem occurred, and other information directly related to the issue. Windows Error Reporting does not intentionally collect anyone’s name, address, email address, or computer name. It is possible that such information may be captured in memory or in the data that is collected from open files, but Microsoft does not use it to identify users. Windows Error Reporting collects Internet Protocol (IP) addresses, but the addresses are not used to identify users, and in many cases, they are the address of a network address translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server.
IP address information is used in aggregate by the operators who maintain the servers that receive error reports.
In rare cases, such as issues that are especially difficult to solve, Microsoft may request additional data, including sections of memory (which may include memory that is shared by any or all applications that were running at the time the issue occurred), some registry settings, and one or more files from your computer. When additional data is requested, users can review the data and choose whether to send the information.
Data collected from application errors
Any application can be written in a way that uses the Error Reporting functionality. If an application error occurs for which Error Reporting is available, and you choose to send the report, the following information is included:
The digital product ID, which can be used to identify your license.
Information regarding the condition of the computer and the application at the time the error occurred. This may include data that is stored in memory and stacks, information about files in the application's directory, the operating system version, and the computer hardware in use.
You can use a registry setting to configure Windows Error Reporting so that it collects full user-mode dumps and stores them locally after a user-mode application stops responding. This configuration option in Windows Error Reporting does not involve communication across the Internet.
For more information, see Collecting User-Mode Dumps on the Microsoft website.
Data collected from handwriting recognition errors
If users encounter a handwriting recognition error while using the Tablet PC Input Panel, they can start the error reporting tool and then select recently corrected handwriting samples to send in an error report. The samples are handled according to the consent-level setting, and in most cases, they are sent only with explicit consent. No personal information is intentionally collected; however, the samples that are chosen may include personal information. This information will not be used to personally identify the person.
You can disable the reporting of handwriting recognition errors by using a specific Group Policy setting, as described in Setting for disabling Windows Error Reporting later in this section.
Data collected from the Japanese Input Method Editor
In the Japanese versions of Windows, users can generate a "word registration report" through the Japanese Input Method Editor (IME), and then choose to send the report to Microsoft. The reports are like error reports, but they record a word or word pair to improve the selection of the ideograms that are displayed. Word registration reports can include the information that is provided in the Add Word dialog box about the words being reported, and the software version number for IME. Each time such a report is generated, the user is asked whether to send the report to Microsoft and can view the information that is contained in the report before sending it.
Microsoft uses the information to help improve IME. Personal information might unintentionally be collected, but Microsoft does not use the information to identify or contact the person. Word registration reports are sent to Microsoft by using HTTPS.
If you configure Windows Error Reporting as described in Procedures to configure Windows Error Reporting later in this section, you can control word registration reports in the same way that you control error reports.
Data collected from Windows kernel failures
When a kernel-mode (system) error occurs, a Stop message is displayed and diagnostic information is written to a memory dump file. When someone restarts the computer by using normal mode or Microsoft Windows Safe Mode (with networking), and then signs in as an administrator, Windows Error Reporting responds. As with other errors, Windows Error Reporting uses the consent-level setting to determine when to prompt you before sending a kernel fault report.
Windows kernel fault reports contain information about what the operating system was doing when the problem occurred. These event reports contain the minimum information that can help identify why the operating system stopped unexpectedly. If you choose to send the report, it includes the following:
Operating system name (for example, Windows Server 2012)
Operating system version
Operating system language as represented by the locale identifier (LCID), for example, 1033, the standard international numeric abbreviation for United States English
Loaded and recently unloaded drivers. These identify the modules that were in use by the kernel when the Stop error occurred and the modules that were used recently.
List of drivers in the Drivers folder on the hard disk drive (systemroot\System32\Drivers)
File size, date created, version, manufacturer, and full product name for each driver
Number of available processors
Amount of random access memory (RAM)
Time stamp that indicates when the Stop error occurred
Messages and parameters that describe the Stop error
Processor context for the process that stopped. This includes the processor, hardware state, performance counters, multiprocessor packet information, deferred procedure call information, and interrupts (that is, requests from software or devices for processor attention)
Process information and kernel context for the halted process. This includes the offset (location) of the directory table and the database that maintains the information about every physical page (block of memory) in the operating system.
Process information and kernel context for the thread that stopped. This information identifies registers (data-storage blocks of memory in the processor) and interrupt-request levels, and it includes pointers to data structures for operating system data.
Kernel-mode call stack for the interrupted thread. This is a data structure that consists of a series of memory locations and one or more pointers.
Controlling Windows Error Reporting to prevent the flow of information to and from the Internet
To control the flow of information to and from the Internet when users or administrators report errors, you can configure Windows Error Reporting by using an answer file with an unattended installation or by using Group Policy. The following subsections provide more details.
Using an answer file with an unattended installation
You can control the consent level for Windows Error Reporting by using an answer file with an unattended installation. To configure a consent level of Always ask before sending data, confirm that your answer file includes the following line:
<DefaultConsent>1</DefaultConsent>
For more information, see To control the consent level for Windows Error Reporting by using an answer file with an unattended installation later in this section.
Selected Group Policy settings for Windows Error Reporting
This section provides information about a small set of the Group Policy settings that are available for Windows Error Reporting. For information about viewing these and other Group Policy settings, see To locate Group Policy settings for configuring Windows Error Reporting later in this section.
Setting to redirect Windows Error Reporting to a server on your intranet
This setting is located in Computer Configuration under Policies (if present), in Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Corporate Windows Error Reporting.
Two settings in the Advanced Error Reporting Settings refer to the "Report Queue" and the "Report Archive". These refer to information that is stored on the local computer. The Report Queue temporarily stores error reports that are waiting to be sent. The Report Archive stores reports so that the Problem Reports and Solutions interface can display them.
Setting to control the degree of prompting that occurs before data is sent
You can control the degree to which Windows Error Reporting prompts you for consent before data is sent. This setting is located in Computer Configuration or in User Configuration, under Policies (if present), in Administrative Templates\Windows Components\Windows Error Reporting\Consent.
Configure Default consent: If you enable this setting, you can select one of the following consent levels:
Always ask before sending data: Windows Error Reporting always prompts for consent before sending an error report.
Send parameters: Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data that Windows has determined (with high probability) does not contain personally identifiable data, and it prompts the user for consent to send any additional data requested by Microsoft.
Send parameters and safe additional data: Windows Error Reporting sends the minimum data required to check for an existing solution in addition to data that the developer of the program has designated as being highly unlikely to contain personal information. Windows Error Reporting then prompts for consent before sending any additional data that is requested by Microsoft.
Send all data: Any data requested by Microsoft is sent without prompts. (This setting can only be configured through Group Policy, not through the Initial Configuration Tasks interface, Server Manager, or Control Panel.)
Setting to disable reporting handwriting recognition errors
You can use a Group Policy setting to specifically disable reports for handwriting recognition errors. This setting is located in Computer Configuration or in User Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management\Internet Communication settings.
- Turn off handwriting recognition error reporting: If you enable this setting, you cannot start the error reporting tool for handwriting recognition errors, and corrected handwriting samples will never be sent to Microsoft by Windows Error Reporting.
Setting for disabling Windows Error Reporting
This setting is located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management\Internet Communication settings.
- Turn off Windows Error Reporting: If you enable this setting, you can still view settings in the Initial Configuration Tasks interface, Server Manager, or Control Panel, but the display informs you that settings are being managed by a system administrator.
Important
You can also restrict Internet access for Windows Error Reporting and a number of other features by applying the Restrict Internet communication Group Policy setting, which is located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix B: Group Policy Settings Listed Under the Internet Communication Management Category.
Procedures to configure Windows Error Reporting
The following procedures explain how to make changes to Windows Error Reporting using Server Manager and Group Policy.
To view or change settings for Windows Error Reporting on one or more Servers using Server Manager
Open Server Manager, and in the navigation pane, click Servers.
In the details pane, select one or more servers.
Right-click the selected servers, and then click Configure Windows Automatic Feedback.
In the Windows Automatic Feedback dialog box, make any necessary changes.
Click OK to apply the settings and close the dialog box.
To use Control Panel to view or change settings for Windows Error Reporting
Open Control Panel, click Action Center, and then click Maintenance.
Under Check for solutions to problem reports, click Settings.
Under Choose when to check for solutions to problem reports, view or change the basic error reporting settings as described earlier in this document.
You can configure additional error reporting options as follows:
Click Change report settings for all users. These settings can be used to configure error reporting for all users of the computer or to allow each user to choose their settings (the default).
Click Select programs to exclude from reporting: This setting allows you to manage the list of programs for which Windows Error Reporting is enabled.
To locate Group Policy settings for configuring Windows Error Reporting
Using an account with domain administrative credentials, sign in to a computer with the Group Policy Management feature installed.
Open the Group Policy Management Console (GPMC) by running gpmc.msc, and then edit an appropriate Group Policy Object (GPO).
If you are interested in policy settings that apply to all users of a computer and that come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you are interested in policy settings that apply to specific users or administrators and that come into effect when a person signs in or when Group Policy is refreshed, expand User Configuration.
Expand Policies (if present), expand Administrative Templates, and then expand Windows Components.
Click Windows Error Reporting, and then view the settings that are available.
Click Advanced Error Reporting Settings, and then view the settings that are available. (What you selected in Step 3 affects what you see in Advanced Error Reporting Settings. If you want to view Configure Corporate Windows Error Reporting, you must select Computer Configuration in Step 3.)
In the left pane, click Consent, and then view the settings that are available.
To disable reporting handwriting recognition errors
Using an account with domain administrative credentials, sign in to a computer with the Group Policy Management feature installed.
Open the Group Policy Management Console (GPMC) by running gpmc.msc, and then edit an appropriate Group Policy Object (GPO).
If you are interested in policy settings that apply to all users of a computer and that come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you are interested in policy settings that apply to specific users or administrators and that come into effect when a person signs in or when Group Policy is refreshed, expand User Configuration.
Expand Policies (if present), expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.
In the details pane, double-click Turn off handwriting recognition error reporting, and then click Enabled.
Note
You can also restrict Internet access for Windows Error Reporting and a number of other features by applying the Restrict Internet communication Group Policy setting, which is located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management. For more information about this Group Policy setting and the policies that it controls, see Appendix B: Group Policy Settings Listed Under the Internet Communication Management Category.
To disable Windows Error Reporting by using Group Policy
Using an account with domain administrative credentials, sign in to a computer with the Group Policy Management feature installed.
Open the Group Policy Management Console (GPMC) by running gpmc.msc, and then edit an appropriate GPO.
Expand Computer Configuration, expand Policies (if present), expand Administrative Templates, expand Windows Components, and then expand Windows Error Reporting.
In the details pane, double-click Disable Windows Error Reporting, and then click Enabled.
If you enable this setting, you can still view settings in the Initial Configuration Tasks interface, Server Manager, and Control Panel, but the display informs you that settings are being managed by a system administrator.
Important
You can also restrict Internet access for Windows Error Reporting and a number of other features by applying the Restrict Internet communication Group Policy setting, which is located in Computer Configuration under Policies (if present), in Administrative Templates\System\Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix B: Group Policy Settings Listed Under the Internet Communication Management Category.
To control the consent level for Windows Error Reporting by using an answer file with an unattended installation
Use the methods you prefer to create an answer file for an unattended installation. For detailed information about entries to include in the answer file, see Unattend.chm in the Windows Setup Automation Overview.
Confirm that your answer file includes one of the following lines:
For a consent level of Always ask before sending data: <DefaultConsent>1</DefaultConsent>
For a consent level of Send parameters: <DefaultConsent>2</DefaultConsent>
For a consent level of Send parameters and safe additional data: <DefaultConsent>3</DefaultConsent>
For a consent level of Send all data: <DefaultConsent>4</DefaultConsent>
For additional information about an unattended installation, see the resources listed in Appendix A: Resources for Learning About Automated Installation and Deployment.
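The following is an added example, not part of the original Microsoft documentation: a Python check that reads an answer file before deployment, finds every DefaultConsent entry, and compares it with the consent levels listed in the procedure above. The sample answer file is constructed; the component name Microsoft-Windows-ErrorReportingCore and the max_level threshold are assumptions of this example.

```python
"""Audit an unattended-installation answer file for the WER consent level."""
import xml.etree.ElementTree as ET

# Values and names as listed in the procedure above.
CONSENT_LEVELS = {
    1: "Always ask before sending data",
    2: "Send parameters",
    3: "Send parameters and safe additional data",
    4: "Send all data",
}

# Constructed sample answer file. The component name is an assumption of this
# example; the check below does not depend on it.
SAMPLE_SEND_ALL = """
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-ErrorReportingCore" processorArchitecture="amd64">
      <DefaultConsent>4</DefaultConsent>
    </component>
  </settings>
</unattend>
""".strip()


def _local(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_default_consent(xml_text):
    """Yield (pass_name, component_name, raw_text) for each DefaultConsent element."""
    def walk(elem, pass_name, component):
        name = _local(elem.tag)
        if name == "settings":
            pass_name = elem.get("pass", pass_name)
        elif name == "component":
            component = elem.get("name", component)
        elif name == "DefaultConsent":
            yield pass_name, component, (elem.text or "").strip()
        for child in elem:
            yield from walk(child, pass_name, component)

    yield from walk(ET.fromstring(xml_text), None, None)


def audit_answer_file(xml_text, max_level=1):
    """Return (status, location, detail) tuples for the answer file.

    max_level is the highest consent level the organization accepts
    (hypothetical policy knob; 1 means users are always prompted).
    """
    findings = []
    for pass_name, component, raw in find_default_consent(xml_text):
        where = f"{component or '?'} (pass={pass_name or '?'})"
        try:
            level = int(raw)
        except ValueError:
            level = None
        if level not in CONSENT_LEVELS:
            findings.append(("invalid", where, raw))
        elif level > max_level:
            # Higher values send more data with less prompting.
            findings.append(("too-permissive", where, CONSENT_LEVELS[level]))
        else:
            findings.append(("ok", where, CONSENT_LEVELS[level]))
    if not findings:
        # The procedure says to confirm the line is present, so absence is a finding.
        findings.append(("missing", "-", "no DefaultConsent element"))
    return findings


if __name__ == "__main__":
    for status, where, detail in audit_answer_file(SAMPLE_SEND_ALL):
        print(f"{status:15} {where}: {detail}")
```

Running the check over every answer file in a deployment share before imaging catches a Send all data setting, or a missing entry, before it reaches installed computers.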
Additional references
For more information about Windows Error Reporting, see the following resource on the Microsoft website: