So, if you want to go into the deep end, you can read through the microsoft documentation for use of DISM (Deployment Image Servicing and Management), which is an extremely potent tool created by microsoft and is meant for IT users (but anyone can learn and use it).It's a very slick and powerful OS, no doubt about that. It just comes with VERY negative cons, how negative those cons are depends on where your priorities are at. An OS that will ignore direct commands of it's master, like one of the fundamental principles of how computing should work is a big deal killer, who's in charge me or Microsoft? Really that's a rhetorical question because I know the answer, it's pretty clear that Win 10 is MS prepping everyone for the software as a service 365 Windows in which the user will have very little say in the backend. Microsoft isn't really a traditional software company anymore they are a service provider, their cloud computing SAAS stuff generates most of their revenue and that's naturally where they are going to go.
What does that even mean... If anything "people" are likely more accustomed to XP or 98 than they are any mobile OS given that mobiles OS's as you know them have been around +/- 10-15yrs only. Unless by "people" you mean 15yr olds or post-2000's kids. It's very likely that most "people" have more seat time on non mobile traditional layout OS's.
The approach the software/IT security community seems to have taken in general is that they gave up on the user and now just force feed them for the greater good. Forced updates, ISP routers locked down, lock down walled garden ecosystems, etc.
It's amazing how much people are slaking in terms of computer knowledge in a world where computers are more prevalent than ever before. For example the average computer user today doesn't even understand the concept of "directories", something that was day 1 stuff in 1980's computer class; the concept of permissions, etc..
So there they go, running Win 10 in admin mode and get owned by an exe or .js exploit when they click on some "free NFL streams" link. Even tons of people here on a computer enthusiast forum run their daily drivers in admin mode, that I cannot comprehend.
I have LTSC and Enterprise, I was wondering what kind of spyware is present on LTSC? I was under the impression that there should be none seeing as it's made for embedded devices.
I've done everything short of modding the .iso, bash scripts, third party programs, router firewall, group policy, all the normal user accessible settings, etc.
I've heard about this "modding the iso" thing in passing, creating a custom Win 10 image. Given your explanation it seems pretty involving and something that requires regular sysadmin'ing to keep up but then again I'm no stranger to that. Where should I get started for info on this and what are some of the basic go-to programs/software used to create the custom Win 10 ISO? I have access to LTSC & Enterprise images/keys so I would be using those as a base.
Win 10 was my breaking point, at first I tried just sucking up 10 and doing the mods you see people hearing talking about but I eventually realized it was a lost cause, I just couldn't win and that energy could be better spent actually learning something I could control and went full nix.
You don't even realize how much you suck at computers until you go to nix land. Here I was sitting here like a bunch of guys on this forum thinking I actually knew stuff about computers because I could build them and OC them and torrented stuff... Then you jump into nix land and get punched in the face for how much you suck, you get laughed at, you're back at square one and a certified noob again. Most people usually rage quit but if you stick it through eventually you learn and rise through the ranks of the real computer-fu masters.
Summed it up pretty well.
This may be time consuming if you are not familiar with command line interfaces, regardless of the era you are from (I started with DOS, not fluent in Linux but learning, but have done CLI slipstreaming for XP service packs which got me my start digging deeper into deployment tools over the years). I am not as good as others at powershell commands either, but am functional, which you will want to learn a bit of as well (although most of what you will be doing is using guides of others work for any powershell changes you make, most likely).
Personally, I would say NTLite has one of the best GUIs to learn on. The creator took the time to set it up so that is runs the mods through DISM and other commands, but simplified it so you look for the component and just click a check box. That is right, that simple. You still need a working knowledge of what the component is and does so that you don't break the functionality of like your network connection not working, etc. But, to aid in this, the maker set it up so that you can click on compatibility and mark what you need for compatibility for the system and it will prevent you from removing those components. This helps greatly during the learning process (by the way, just plan on breaking a couple custom ISOs while learning, just don't activate the copy, tool around to find what is broken, then go back to tweaking the ISO until you get one working the way you want it to with what you want gone actually gone, then activate it).
That is a paid program though. There are free programs, like the MSMG toolkit (please donate to the developer if possible, these people work hard to provide these tools to the community), that will allow similar functions to NTLite, but the GUI is not the same and you may have a different learning curve on the software. That one is a powerful tool as well, but due to it being able to be gotten for free, it may lag a bit on incorporation of the new DISM and support for new build versions of Windows. Cannot complain about that (also, once again, please support developers of tools used by the community, whether this, throttle stop, etc.).
As to what I mean by spyware on LTSC, there is still a ton of telemetry data gathered by microsoft. Sure, I had to remove significantly fewer components, but I still had to modify it to stop the data gathering. Also, you can remove certain components, rather than disabling them in OS, doing regedit, powershell, etc. That means that disabling certain logs won't be necessary because the component that created those in the first place was never installed! No one can turn on silently what isn't there to begin with!
This is an example of what the GUI looks like. After you create your working ISO, it can save your settings like a template to apply to future changes. If you gut Windows update in it, it uses WSUS and I forgot the other one to look up updates each month in the updates tab on the side when you go to make a new image (and yes, you will need to make a new image every month or however often you update). If you cut the ISO like I do, it breaks some cumulative updates because the windows file cannot find the component that needs to be updated, so the update will fail (or you can remove update altogether). In either event, that means you will need to add the updates to a clean ISO, then apply the changes on removed components, feature settings, etc., all over again (which the template from the stable build streamlines). They have an explanation on how to do it quickly on the software website's forum. Then you put the updated ISO onto a thumb drive, then go update your machine.
You mentioned you have done "bash scripts, third party programs, router firewall, group policy." I take it you may have done some registry editing as well, and maybe some powershell action. Basically, you can put in some of that straight from NTLite. This includes setting up services for the ISO, privacy feature settings, etc. As I said, this is a powerful tool. With all the options, it will take you awhile to get everything done correctly (and you may even use NTLite to remove certain live components that cannot be removed until after installed and activated, but that is later and can cause instability, etc., tread as you see fit). So, if you follow someone else's list, like Black Viper's list for services (http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/), then you can sit down and set those so that any time you use that ISO to install, your services are already set (aside from those added by any post install installations of software). You can add drivers to it, you can setup post installation programs to run, etc.
Now, much of this you can do with DISM or piecemeal. Nothing wrong with that and it is great practice to learn how to do this manually anyways with the official tools. In fact I recommend it. But, due to the volume you would need to learn, starting with NTLite or MSMG and perusing the DISM link above from M$ in your free time (as well as tooling around with it, like just becoming familiar with mounting the ISO, trimming down included versions, and adding drivers and updates to an ISO with DISM), you will get a feel for what is going on quicker. Now you should not remove what you don't understand, but you have the internet and time, then you can really dig in!
In summary, modding ISOs is just the next step in your journey. It builds on what you have already learned, while opening up new options to you that you didn't know before (plus teaches new skills if you ever want to eventually get certs for IT, which isn't my field, I just love tech!). Hope that helps a bit.