Last Updated on 2017-11-21.
[:en]The annual Windows upgrade can be quite challenging for companies every year. It should be working like a common update, but this is not reality in many cases. I will try to summarize which things are to consider especially, at the moment for release 1709, but hopefully compatible with future releases.
Disable compatibility checks
This feature might be well-intentioned, but can cause huge problems. Imagine your domain workstations need a certain software which is essential for the company, but is listed on MS’ incompatibility list for the new release (even if it’s still working, but is just not officially supported by the manufacturer because he is more interested in selling upgrades for his software).
So if you leave those compatibility checks active, it might happen this software gets silently deleted during the upgrade process.
In GPO, activate 2 entries:
- Computer Configuration -> Administrative Templates -> Windows Components -> Application Compatibility -> Disable the wizard and the compatibility feature
German Screenshot:
Keep default file extension associations
With v1709, only the Photos app seems to be affected; JPG files are redirected to TwinUI (which might not exist if you remove all apps).
To use the “old” Windows Photo Viewer application, look e.g. here.
To reset the mapping e.g. for .jpg and .jpeg files, modify the registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice -> ProgId (Reg_SZ), "PhotoViewer.FileAssoc.Tiff" (same for "FileExts\.jpg" key)
Note: If you keep the Photos app installed, it will always try to overwrite default associations. So if you do not really need it, remove it (see script below).
If TwinUI keeps being mapped to image files even when it’s uninstalled, it might help to delete the user’s %localappdata% folder (or at least %localappdata%\packages, if you do not use redirected profile folders).
Remove unnecessary apps
It’s a pity there is no really simple way to just disable apps, games etc. Regarding domain workstations, it is quite rediculous if the productive worker opens the start menu and gets overwhelmed with things like Xbox, CandyCrush and other games and ads by default.
Many restrictions regarding the App Store, OneDrive etc. can be done via GPO (see other posts), but to generally uninstall apps for all users, future installations and future upgrades, you need a Powershell script (below). In addition, there are some huge obstacles regarding its automation:
- Simple scripts like “Get-AppxPackage | Remove-AppxPackage” (with several variations) might work fine in a testing Powershell running as Administrator user, but NOT with the SYSTEM account! Although, GPO startup scripts are run by SYSTEM.
- To make it run under the local system account, we need the tools from this useful Github project.
- BUT the final script will, however, not run as GPO startup script! No matter how errors are handled or ignored, it freezes after the first Remove-AppxPackage exception.
- So we have to deploy a scheduled task via GPO. As trigger, “On Startup” would be perfect, but does not work for unknown reason. Instead, use the “On Logon” trigger, which should run the script as SYSTEM user (it’s not possible to enter passwords here any more, due to a Windows update because of security issues).
I modified the original Github script a bit, so it removes all apps except certain ones.
#custom
#removes every app except store, calc, photos
#(you can use the commented lines below for logging / debugging purposes)
#$ErrorActionPreference="SilentlyContinue"
#Stop-Transcript | out-null
#$ErrorActionPreference="Continue"
#Start-Transcript -path C:\output.txt -append
"Checking installed apps"
$win10release = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId
if ($win10release -lt 1709)
{
"Skipping (release $win10release might not support all Remove parameters)."
exit
}
#If script should not run on certain computers...
#if ($env:computername -like "*myExceptedPC*")
#{
# "Machine skipped"
# exit
#}
if (Test-Path "$env:programfiles\WindowsApps\Microsoft.Xbox*")
{
"Deleting..."
#Start-Sleep -Seconds 10
Import-Module -DisableNameChecking $PSScriptRoot\Debloat-Windows-10-Master\lib\take-own.psm1
Import-Module -DisableNameChecking $PSScriptRoot\Debloat-Windows-10-Master\lib\force-mkdir.psm1
Write-Output "Elevating privileges for this process"
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
Write-Output "Uninstalling default apps"
#$apps = (Get-AppxPackage -AllUsers | where-object {$_.name –notlike "*store*" -And $_.name -notlike "*calc*" -And $_.name -notlike "*photos*" } ).name
$apps = (Get-AppxPackage -AllUsers | where-object {$_.name –notlike "*store*" -And $_.name -notlike "*calc*" } ).name
foreach ($app in $apps) {
"Trying to remove $app"
Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
Get-AppXProvisionedPackage -Online |
Where-Object DisplayName -EQ $app |
Remove-AppxProvisionedPackage -Online
}
# Prevents "Suggested Applications" returning
force-mkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content"
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1
"Finished."
}
else
{
"Skipped."
}
#Stop-Transcript
Note: You need the Github project’s library files in a subfolder to run the script.
The .bat file to run it as scheduled task could look like,
start "" Powershell.exe -executionpolicy Unrestricted -File "\\files\gpostuff\Debloat-Windows-10\removeApps.ps1" < NUL
Other informational notes
To test Powershell scripts as System user, use package PsTools.
Usage:
psexec -i -s -d cmd #or psexec -i -s -d powershell #test whoami
E.g. these commands do not work via System user like they do with Administrator user:
Get-AppxPackage -AllUsers | Remove-AppxPackage
Get-AppxPackage -AllUsers | Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -online | Remove-AppxPackage -online
You will receive DISM errors like
- 0x80070032
- 0x80040154
Remove new People / Contacts icon from taskbar
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People -> PeopleBand: DWORD, 0
Sysprep
Sysprep is not a friend of modern apps. Especially when you always did Win10 in-place upgrades, there can result inconsistencies with app versions, the app database, various app directories – even if you do not even use any app. Solving sysprep issues is explained in a separate post.[:]