So I ended up creating the Applocker policy locally on a Windows 10 computer and then export it and then import it on a Windows 2012 R2 server with the Group Policy Management MMC installed. The challenge with that right now is there is no RSAT for Windows 10 available yet so creating the policy is a a bit of a challenge. So this method could be used instead of uninstalling the apps as the end result for the end-user is basically the same if they haven’t logged on to the computer before the policy is applied. If the user have logged on to the computer before the Applocker policy is applied the applications is present but the user can no longer start it, and will get the below message displayed. Blocking them using an Applocker policy is working really well, if the user never logged on to the computer before the Applocker policy is applied the application, in this case Contact support is not installed for the user at all and therefor not present either on start or by using search which is really great! They can be blocked using Applocker instead that is the best workaround I have found. I wrote a blog post earlier about how to uninstall built-in apps from Windows 10 CBB using Powershell, however some apps cannot be uninstalled like Microsoft Edge, Contact Support and Windows Feedback.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |