After analyzing the available free space on one of the Windows Server 2019 hosts, we found the ETLLogs directory, which contained several dozen gigabytes of ETL (Event Trace Log) files.
Interestingly, the abnormally large ETLogs directory could not be detected by free space analysis tools (like WinDirStat or TreeSize), even when they were run as an administrator. The huge ETL logs directory was only found when the tool was run on behalf of the SYSTEM account. Use the following command to run the app on behalf of the LocalSystem account:
psexec.exe -i -s WinDirStat.exe
The full path to the folder containing the ETL log files is C:\ProgramData\Microsoft\Diagnosis\ETLLogs. In this directory on my server, there were several hundred files with names in the format {GUID}_APPRAISER_UTC.etl, each about 100 MB in size. As shown by the dates on the files, the ETL files were created daily for a long period. These files are created by the CompatTelRunner.exe process.
These logs containing diagnostic data are created by Windows Telemetry Services. It is safe to manually delete ETL log files from this directory. Also, to quickly clean up the collected diagnostic data, go to Settings -> Privacy -> Diagnostics & Feedback, and click the Delete button in the Delete diagnostic data section. Change the value of the Feedback frequency parameter to “Never“.
To prevent further collection of ETL logs, you need to change the telemetry service settings.
- Reduce the level of diagnostic data logging. In the Settings -> Diagnostics, select the option to send only Required diagnostic data.
- Change the telemetry settings in the local Group Policy. Open the Local Group Policy Editor (
gpedit.msc) and navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Data Collection and Preview Builds. Find the Allow Telemetry option (or Allow Diagnostic Data in Windows 11/Windows Server 2022). Enable the policy and set its value to Diagnostic Data off. This parameter can be configured directly via the registry: reg add "HKLM\Software\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f - Then, in the GPO, disable participation in the Customer Experience Program: Computer Configuration -> Administrative Templates -> System ->Internet Communication Management -> Internet Communication settings. Enable the policy Turn off Windows Customer Experience Improvement Program.
- Disable the Microsoft Compatibility Appraiser and the ProgramDataUpdater in the Task Scheduler. To disable scheduled tasks using PowerShell, run:
Get-ScheduledTask 'Microsoft Compatibility Appraiser', ProgramDataUpdater | Disable-ScheduledTask - Then disable the following services dmwappushservice and DiagTrack (Connected User Experiences and Telemetry):
Get-Service dmwappushservice, DiagTrack | Stop-Service
Get-Service dmwappushservice, DiagTrack | Set-Service -StartupType Disabled
This parameter can be configured directly via the registry: 
This will reduce the size of the diagnostic and telemetry data collected in ETLogs.