Prevent Windows 10 Apps In Workplace

dubstir

We are about to deploy some workstations with Windows 10, not by choice of course. I have searched far and wide for tricks at preventing "modern apps" from installing and then also removing them. I see most items can be handled through GP... if you have Enterprise Windows 10. Well, we have Pro. So far I was able to compile a PowerShell script to remove the apps, but... when a new user signs into that workstation, all is re-downloaded, rendering it useless for about 15 minutes. I have also disabled Consumer Experience within GP through the local admin account. Once again... when a new user signs in, all items return. I have attempted to create a custom image (Ghost), but that is not worth our time at the moment.

So... any thoughts on the best way to accomplish an image (or reusable install) that has all apps removed (and stay removed) and saves all other settings no matter who logs into the workstation?
 
The user who is using their assigned workstation, they should not be an admin but a standard user.
Next, set up a PIN for the particular individual; when they clock in to work, they need to come in locally.
Not by remote access through the internet. Set up the programs your supervisor specified to you.
https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
Use AppLocker to specify what programs you want every user to use directly.
Anything not on your "ok" to use list, they won't be able to use it.
Now for them trying to download any app without asking you directly.
You could set it up through Chrome or Firefox or Edge.
Find a way to restrict them from not downloading.
Now if they do it anyway and you warned them once or twice.
Speak to your chain of command in management; they will check that workstation later.
That person will be up for being fired for using the computer for illegal internet activity.
Especially if that company is trying to keep everything secure + preventing any hacking attempts or infections from outside.
 
I want to stop ALL the CRAPWARE within Windows 10. Using the below list I compiled, the CRAPWARE still pushes on down whenever a user (new user as well) signs into the workstation. No user has admin or power user privileges. The Cortana and Notification Center reg tweaks are the only items to actually stick. All the other items are apparently linked to each user's profiles, which explains why those items reappear after a user signs in for the first time. All the location, etc... settings within privacy need to be redone for each user on each machine. Most GPs will only work if a business has Enterprise version, which is pretty crappy of big MS.


Windows 10 Setup With AUDIT MODE
At Region selection screen: press Ctrl + Shift + F3
This takes you into AUDIT MODE as the Local Admin
Click CANCEL at System Preparation Tool

Disable Consumer Experience
Open Local Group Policy Editor (gpedit.msc)
Navigate to Computer Configuration > Administrative Templates > Windows Components > Cloud Content
Double click Turn off Microsoft Consumer Experiences
Enable this GPO and click OK

Remove All Bloatware:
Run PowerShell as Administrator
Type Get-AppxPackage -AllUsers | Remove-AppxPackage

Remove OneDrive from File Explorer
Open regedit
Edit > Find {018D5C66-4533-4307-9B53-224DE2ED1FE6}
System.IsPinnedToNameSpaceTree
Change DWORD value to ZERO

Disable Action Center
Open Regedit
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows
Create Explorer key if not listed
Create New > DWORD (32-bit) and name DisableNotificationCenter.
Right-click, Modify and change value to 1
Restart

Disable Cortana
Open Regedit
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows
Create Windows Search Key if not listed
Create New > DWORD (32-bit) and name AllowCortana
Right-click, Modify and change value to 0
Restart

Remove all Stock Windows 10 Apps EXCEPT Calculator Through PowerShell

1. Run PowerShell as Administrator
2. Paste the script below:
Set-ExecutionPolicy Unrestricted
Get-AppxPackage -AllUsers | where-object {$_.name -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxPackage
Get-AppxProvisionedPackage -online | where-object {$_.packagename -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxProvisionedPackage -online
3. Press A when prompted and hit Enter
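
A way to check whether the steps above actually took effect on a machine before handing it to users, as an added example that is not part of the original post. It assumes an elevated PowerShell session; the `DisableWindowsConsumerFeatures` value name is the registry backing of the "Turn off Microsoft consumer experiences" policy and does not appear in the post, and `$KeepPattern` and `Test-PolicyValue` are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the state the post's steps are meant to produce.
# $KeepPattern mirrors the -notlike filter used in the post's removal script.
$KeepPattern = '*Microsoft.WindowsCalculator*'

# Machine-wide policy values. Explorer and Windows Search come from the post;
# the CloudContent value name is an addition (see lead-in).
$Policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent';   Name = 'DisableWindowsConsumerFeatures'; Want = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer';       Name = 'DisableNotificationCenter';      Want = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'; Name = 'AllowCortana';                   Want = 0 }
)

function Test-PolicyValue {
    param([string]$Path, [string]$Name, [int]$Want)
    # A missing key or value is reported as "<not set>" instead of throwing.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = $null
    if ($null -ne $item) { $actual = $item.$Name }
    $shown  = '<not set>'
    if ($null -ne $actual) { $shown = $actual }
    [pscustomobject]@{
        Check  = "$Path\$Name"
        Want   = $Want
        Actual = $shown
        Ok     = ($null -ne $actual -and $actual -eq $Want)
    }
}

$report = foreach ($p in $Policies) { Test-PolicyValue @p }

# Provisioned packages are staged in the image and installed into every NEW
# profile at first sign-in, so anything listed here will come back.
$provisioned = @(Get-AppxProvisionedPackage -Online |
    Where-Object { $_.PackageName -notlike $KeepPattern })

# Packages already installed into existing profiles. Frameworks and
# system-signed packages are skipped because they are not removable bloat.
$installed = @(Get-AppxPackage -AllUsers |
    Where-Object { $_.Name -notlike $KeepPattern -and
                   -not $_.IsFramework -and $_.SignatureKind -ne 'System' })

$report | Format-Table -AutoSize
"Provisioned packages still staged for new profiles: $($provisioned.Count)"
$provisioned | Select-Object DisplayName, PackageName | Format-Table -AutoSize
"Removable packages still installed in existing profiles: $($installed.Count)"
$installed | Sort-Object Name -Unique | Select-Object Name, PackageFullName | Format-Table -AutoSize
```

Run it once in audit mode after the removal steps and again after a test user's first sign-in; comparing the two outputs shows which items were re-added per profile and which were never removed from the image.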
 
Hmm, let me ask then: users in your company, do they already have a user name from another Windows 10 workstation?
It might be tedious at first but for those people using said so computers to login and work in one room should stay there.
Let's say you have Steve Urkel by chance, his user name for that workstation will be urkel-ws1.
Steve gets to use Calculator, Edge Explorer, Firefox, Office Standard Edition and whatever else.
You lock him, then you have Betty Crocker, crocker-ws1, notice how I put "ws"?
That means workstation 1 to keep it simplified, so if something goes wrong or one of the two is doing something they shouldn't.
Pay that workstation a visit and see what the problem is, but what I mention is a suggestion, it could work out.
However, your boss is on a timeline and so are you to get it working by such said date.
 
This thread is not about monitoring or preventing what a "user" can and cannot do, this thread is about what Windows 10 does. We will be blocking the Windows Store and other Windows items through Domain GP. I want to know how to prevent Windows 10 from downloading all their crapware every time a user signs into a workstation. These users do not need Candy Crush, or Duolingo, or a CodeWriter. After the scripts I shared earlier these items still download no matter what.
 