[Samba] snooping windows 10 - how to stop it on a linux gateway?

[Karel Lang AFD]

Hi all,

guys, first and foremost, i apologize, as this is not really about 
samba, but i'm basically at 'ground zero' with windows 10 and how to 
stop them from snooping information of the LAN PC windows users.

And i know there is some great people with windows network understanding 
here on list, that is why i ask here, so please don't stone me :-)

I think everyone heard already about how windows 10 badly treat its 
users privacy (and recently i learned those 'great' features are now 
backported even to windows 7 so..).

I'm now thinking about a way howto stop a windows 10 sending these data 
mining results to a microsoft telemetry servers and filter it on our 
linux gateway.

I think it could be (maybe?) done via DPI (deep packet inspection). I 
similarly filter torrent streams on our linux gateway - i use patched 
standard Scientific linux 6 kernel with 'xtables' (ipp2p enhancement) 
and it is working extremely well.

Also people from scientific linux community suggested it might be 
filtered via transparent https proxy.

Also, i read (not sure if true) that some DNS resolutions to M$ servers 
are even 'hardwired' via some .dll library, so it makes it even harder.

I'm no windows expert, but i'm and unix administrator concerned about 
privacy of windows desktop/laptop users sitting inside my LAN.

The point of what i'd like to do, is to come up is some general idea, be 
it iptables rules, or general proxy solution, rather than blocking 
specific IP addresses or names, because, apparently they may change in 
any incoming windows update ...

Anyone gave this thought already? Anyone else's concerned the way i am?

cheers

-- 
*Karel Lang*
*Unix/Linux Administration*
lang at afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz