HomeAPPSWindows 10: Block useless apps

Windows 10: Block useless apps

How to prevent the operating system on Windows 10 corporate systems from installing unwanted programs and displaying useless recommendations in the Start menu. We use GPOs and Active Directory. Windows 10 has a nasty habit of suggesting and installing unwanted apps

We have long stigmatized this type of behavior: in the default configuration of Windows 10, it is not uncommon to find yourself with many useless apps automatically installed by the operating system and listed in the Apps and features window. Try typing Apps and features in the Windows 10 search box and then clicking Sort by Date of installation: you will find many programs that are present on the system and that you have never requested.

 Not only. In the Windows Start menu, in the left column, the reference to the Recommended apps appears: these are applications that are reported as potentially of interest and which in many cases are loaded on the system in use without requiring any confirmation from the user. The question is: why does the automatic installation of apps also happen on Windows 10 editions other than Home and why does this also happen on systems connected to an Active Directory domain? 

In the past we have published a script to optimize and speed up Windows 10: among the various possibilities it offers, there is precisely the one that allows you to block the installation of useless apps. In corporate environments, when there are many Windows 10 machines to administer, it is unthinkable to manually apply the changes to each client and each workstation.

How To Block Useless Apps In Windows 10 With Active Directory And GPOs

Group policies ( group policy ) are a set of rules that help control the working environment of users and computers. A Group Policy Object (GPO) is a container of rules that can represent settings in Active Directory and at the file system level. For Windows 10 systems that are connected with an Active Directory domain, it is possible to use GPOs that allow you to block the installation of useless applications and avoid the appearance of recommended programs in the Start menu.

In another article, we have briefly seen how to install and configure Active Directory as a domain controller. This time, let’s see how to leverage Active Directory to distribute policies that allow you to prevent the installation of unwanted programs in Windows 10. A specific folder contained in the system registry or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager allows you to determine whether Windows 10 can or cannot install apps automatically. 

Being a key HKEY_CURRENT_USER means that the settings are valid for each user account and not at the level of the entire machine. Active Directory helps a lot because it is possible to specify the accounts for which the customization of Windows 10 that blocks the installation of useless programs should apply.

Try from a Windows 10 client to open the command prompt and type the following: reg query HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager You will be able to verify the default settings for all the values ​​of interest. Moving to the Windows Server machine with Active Directory correctly installed and configured, first of all, open the Group Policy Management window by pressing Windows+R and then typing game. MSc.

By right-clicking on the Active Directory domain name and then on Create a group policy object in this domain and creating a link here, you can create policies to block the installation of apps in Windows 10 clients connected to the LAN. For example, you can specify no-consumer as the name of the new group policy object: in this way you will remember that the policies are used to deactivate the features typically enabled on systems intended for private users.

Right-clicking on the newly added no-consumer entry and then clicking Edit will open the Group Policy Management Editor window. Since we need to set a series of policies that, as explained above, apply at the level of a single user account (key HKEY_CURRENT_USER of the system registry), we must click on User Configuration, Preferences, Windows settings, and Registry. A box will appear on the right with the title Registry. 

By right-clicking on Registry in the left column and then on New Registry Item you can manually add all the entries to prevent the automatic installation of unwanted apps in Windows 10 and block the display of recommended programs in the Start menu. To simplify the procedure we have prepared an XML file that contains everything you need: click here to download the policies that allow you to block the installation of useless apps in Windows 10.

After saving the XML file on Windows Server just right-click it in File Explorer and choose Copy or press CTRL+V . At this point in the Registry screen of the Group Policy Management Editor just press the right-click and select Paste. When the Import Pasted Document dialog box appears, click Yes . A list of 22 HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE key-level changes will appear in the Registry window and will be distributed by Active Directory on client systems.

The policies set in this way will be distributed to the clients and on Windows 10 systems the automatic installation of unwanted programs will be avoided. Some behaviors will also be deactivated which may be welcome on private user systems but which are not advisable on company machines. Updating policies or group policies normally occurs automatically on individual client systems but it is still possible to force it using the gpupdate /force command.

By typing the command reg query HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager presented at the prompt on a Windows 10 client, you will notice how all the customizations configured using the GPOs have been applied. For those wishing to further customize the GPOs for Active Directory, we point out that in our opinion the best way to export the configured rules is to open a 

PowerShell window on Windows Server and then type the following:

MD c:\temp

Backup-GPO -Name no-consumer -Path c:\temp

In the example, indicating no-consumer, the policies of the same name that we have previously added are exported, but it is possible to specify any other denomination.

Read Also: Cut Videos Windows 10 – It’s Easy!

RELATED ARTICLES

LATEST ARTICLES