I wrote a blog post earlier about how to uninstall built-in apps from Windows 10 CBB using PowerShell (-built-in-apps-from-windows-10-using-powershell/). However, some apps cannot be uninstalled, such as Microsoft Edge, Contact Support and Windows Feedback.
They can be blocked using AppLocker instead, which is the best workaround I have found. Blocking them with an AppLocker policy works really well: if the user has never logged on to the computer before the AppLocker policy is applied, the application (in this case Contact Support) is not installed for the user at all and is therefore not present on Start or in search, which is really great!
The challenge right now is that there is no RSAT for Windows 10 available yet, so creating the policy is a bit of a challenge. So I ended up creating the AppLocker policy locally on a Windows 10 computer, exporting it, and then importing it on a Windows 2012 R2 server with the Group Policy Management MMC installed.
2. Under Computer Configuration\Policies\Windows Settings\Security Settings\System Services, change the startup to Automatic for the Application Identity service. This service must be started for the AppLocker policies to be enforced on the client computers.
6. Right-click Packaged app Rules and select Create Default Rules. This creates a rule that allows all signed apps to be executed. Note that this setting only applies to apps and not to Win32 applications.
7. Then create a new Packaged app rule by right-clicking Packaged app Rules and selecting Create New Rule.
12. In the AppLocker node in the Group Policy editor, right-click and select Export Policy. Save the file on a share so you can access it from the computer where you are running the Group Policy Management MMC.
13. On the computer running the Group Policy Management MMC, edit the Group Policy we created in AD in step 1 and, under AppLocker in the Group Policy editor, select Import Policy and import the policy exported from the Windows 10 computer.
14. You will be prompted that it will overwrite all existing policies.
Now we have a policy that can be deployed to Windows 10 that will block the Contact Support app!
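
Before importing the exported file in step 13, it is worth confirming that the Packaged app rule collection still contains the default allow rule from step 6 next to the new deny rule, because an enforced collection blocks every packaged app that no rule allows. The following PowerShell check is an added example, not part of the original post; the function name `Test-AppxRuleCollection`, the rule Ids, the package name and the publisher string in the sample XML are constructed for illustration.

```powershell
# Constructed sample of an exported AppLocker policy (Packaged app rules only).
# Rule Ids, package name and publisher string are illustrative, not taken from the post.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000001" Name="(Default Rule) All signed packaged apps" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000002" Name="Block Contact Support" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@

function Test-AppxRuleCollection {   # hypothetical helper, not a built-in cmdlet
    param([Parameter(Mandatory)][string]$Xml)
    $appx = ([xml]$Xml).AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' }
    if (-not $appx) { throw 'No Packaged app (Appx) rule collection in this policy.' }
    $rules = @($appx.FilePublisherRule | Where-Object { $_ })
    # Step 6: an Allow rule for Everyone (S-1-1-0) that matches every signed package.
    $allowAll = @($rules | Where-Object {
        $c = $_.Conditions.FilePublisherCondition
        $_.Action -eq 'Allow' -and $_.UserOrGroupSid -eq 'S-1-1-0' -and
        $c.PublisherName -eq '*' -and $c.ProductName -eq '*' -and $c.BinaryName -eq '*'
    })
    [pscustomobject]@{
        EnforcementMode = $appx.EnforcementMode
        HasDefaultAllow = $allowAll.Count -gt 0
        DeniedPackages  = @($rules | Where-Object { $_.Action -eq 'Deny' } |
                            ForEach-Object { $_.Conditions.FilePublisherCondition.ProductName })
    }
}

# In practice, pass the exported file instead: Get-Content -Raw <path to exported policy>
$result = Test-AppxRuleCollection -Xml $policyXml
$result | Format-List
if ($result.EnforcementMode -eq 'Enabled' -and -not $result.HasDefaultAllow) {
    Write-Warning 'Appx rules are enforced without the default allow rule; packaged apps that no rule allows will be blocked.'
}
```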
Thanks for the write-up. I also have the rules working.
Same issue happened to me as well. Applied the policy and now Start Menu, Edge, etc. cannot be used anymore.
Anyone know if there is maybe a hotfix for this?
All user profiles already exist.
After applying the AppLocker GPO, the clients rebooted and the problem occurs.
Start button, Search icon, Edge icon (and maybe some other icons I did not check) are not responding when clicking on it.
Same issue as Maurice. AppLocker was applied to a Windows 10 computer while I was logged on. At first, all apps were blocked. After reboot, Start menu and all apps, right-clicking on shortcuts on the taskbar is disabled (no right-click menu shows).
Follow-up: After starting gpedit (or secpol.msc) and creating the default rules, and activating the packaged apps policy, as per your guide, the Start menu and apps were enabled again (without reboot).
Hi Grossman, I have found a better solution on the same webpage: AskAdmin v1.6 is a freemium portable application and capable of blocking all built-in apps and the Microsoft Store. Here is the link:
UWP (Store Apps) and Microsoft store
Though this is nice with Windows 10 Enterprise, what about Windows 10 Professional? Is there a way to turn off the built-in apps using a group policy or automated script that can be pushed through a GPO? Microsoft is making it very difficult for organizations without an MDM or Enterprise editions.
Yes, same issue. Missing the message box that the app is blocked. Only an icon that does nothing. Unless you allow the app (gpupdate /force) and disable it again (gpupdate /force) the message box is back.
My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone else's use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.