Prevent Windows 10 Apps In Workplace

By dubstir ยท 7 replies
Oct 11, 2017
Post New Reply
  1. We are about to deploy some workstations with Windows 10, not by choice of course. I have search far and wide for tricks at preventing "modern apps" from installing and then also removing them. I see most items can be handled through GP... if you have Enterprise Windows 10. Well we have Pro. So far I was able to compile a powershell script to remove the apps, but... when a new user signs into that workstation, all is re-downloaded rendering it useless for about 15 minutes. I have also disabled Consumer Experience within GP through the local admin account. Once again... when a new user signs in, all items return. I have attempted to create a custom image (Ghost), but that is not worth our time at the moment.

    So... any thoughts on the best way to accomplish an image (or reusable install) that has all apps removed (and stay removed) and saves all other settings no matter who logs into the workstation?
     
  2. jobeard

    jobeard TS Ambassador Posts: 10,838   +896

  3. MaikuTech

    MaikuTech TS Booster Posts: 224   +30

    The user who is using their assign work station, they should not be a admin but standard user.
    Next setup a pin for the particular indivisual, when they clock in to work, they need to come in locally.
    Not by remote access through the internet, setup the programs you're supervisor specified to you.
    https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
    Use app locker to specify what programs you want every user to use directly.
    Anything not on your "ok" to use list, they won't be able to use it.
    Now for them trying to download any app without asking you directly.
    You could set it up through chrome or fire fox or edged.
    Find a way to restrict them from not downloading.
    Now If they do it anyway and you warned them once or twice.
    Speak to your chain of command in management they will check that workstation later.
    That person will be up for being Fired for using the computer for illegal internet activity.
    Especially if that company is trying to keep everything secure + preventing any hacking attempts or infections from outside.
     
    Last edited: Oct 11, 2017
  4. jobeard

    jobeard TS Ambassador Posts: 10,838   +896

  5. holdum323

    holdum323 TS Enthusiast Posts: 406   +35

  6. dubstir

    dubstir TS Rookie Topic Starter

    I want to stop ALL the CRAPWARE within Windows 10. Using the below list I compiled, the CRAPWARE still pushes on down whenever a user (new user as well) signs into the workstation. No user has admin or power user privileges. The Cortana and Notification Center reg tweaks are the only items to actually stick. All the other items are apparently linked to each user's profiles, which explains why those items reappear after a user signs in for the first time. All the location, etc... settings within privacy need to be redone for each user on each machine. Most GPs will only work if a business has Enterprise version, which is pretty crappy of big MS.


    Windows 10 Setup With AUDIT MODE
    At Region selection screen: press Ctrl + Shift + F3
    This takes you into AUDIT MODE as the Local Admin
    Click CANCEL at System Preparation Tool

    Disable Consumer Experience
    Open Local Group Policy Editor (gpedit.msc)
    Navigate to Computer Configuration > Administrative Templates > Windows Components > Cloud Content
    Double click Turn off Microsoft Consumer Experiences
    Enable this GPO and click OK

    Remove All Bloatware:
    Run Powershell as Administrator
    Type Get-AppxPackage -AllUsers | Remove-AppxPackage

    Remove OneDrive from File Explorer
    Open regedit
    Edit > Find {018D5C66-4533-4307-9B53-224DE2ED1FE6}
    System.IsPinnedToNameSpaceTree
    Change DWORD value to ZERO

    Disable Action Center
    Open Regedit
    HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows
    Create Explorer key if not listed
    Create New > DWORD (32-bit) and name DisableNotificationCenter.
    Right-click, Modify and change value to 1
    Restart

    Disable Cortana
    Open Regedit
    HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows
    Create Windows Search Key if not listed
    Create New > DWORD (32-bit) and name AllowCortana
    Right-click, Modify and change value to 0
    Restart

    Remove all Stock Windows 10 Apps EXCEPT Calculator Through PowerShell

    1. Run PowerShell as Administrator
    2. Paste the script below:
    Set-ExecutionPolicy Unrestricted
    Get-AppxPackage -AllUsers | where-object {$_.name -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxPackage
    Get-AppxProvisionedPackage -online | where-object {$_.packagename -notlike "*Microsoft.WindowsCalculator*"} | Remove-AppxProvisionedPackage -online
    3. Press A when prompted and hit Enter
     
  7. MaikuTech

    MaikuTech TS Booster Posts: 224   +30

    Hmm let me ask then, users in your company, do they already have a user name from another windows 10 workstation ?
    It might be tedious at first but for those people using said so computers to login and work in one room should stay there.
    Lets say you have steve urkel by chance, his user name for that workstation will be urkel-ws1.
    Steve gets to use calculator, edge explorer, firefox, office standard edition and whatever else.
    You lock him then you have betty crocker, crocker-ws1, notice how I put "ws" ?
    That means workstation 1 to keep it simplified, so if something goes wrong or one of the two is doing something they shouldn't.
    Pay that work station a visit and see what the problem is, but what I mention is a suggestion it could work out.
    However your boss is on a timeline and so are you to get it working by such said date.
     
  8. dubstir

    dubstir TS Rookie Topic Starter

    This thread is not about monitoring or preventing what a "user" can and cannot do, this thread is about what Windows 10 does. We will be blocking the Windows Store and other Windows items through Domain GP. I want to know how to prevent Windows 10 from downloading all their crapware everything time a user signs into a workstation. These users do not need Candy Crush, or Duolingo, or a CodeWriter. After the scripts I shared earlier these items still download no matter what.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...