Windows 10 AppxPackage Removal For All Existing and Future User Accounts
So I know there are other posts around this question, and I have read through all the ones I found and thought I had this set up correctly, but it still isn't working correctly. I have a post-installation task with a Powershell script to remove all the appxpackage apps except for certain ones we want to keep. The task works great for the local admin account that is added during the OS deployment, but all of the apps still show up for any other accounts that log into the computer after the deployment is finished. Below is the script I'm using. Appreciate any help you all can provide in making this work for all accounts that ever log into the computer.
Get-AppxPackage -AllUsers | where-object {$_.name –notlike "*Microsoft.WindowsStore*"} | where-object {$_.name –notlike "*Microsoft.DesktopAppInstaller*"} | where-object {$_.name –notlike "*Microsoft.HEIFImageExtension*"} | where-object {$_.name –notlike "*Microsoft.MicrosoftStickyNotes*"} | where-object {$_.name –notlike "*Microsoft.MSPaint*"} | where-object {$_.name –notlike "*Microsoft.ScreenSketch*"} | where-object {$_.name –notlike "*Microsoft.StorePurchaseApp*"} | where-object {$_.name –notlike "*Microsoft.VP9VideoExtensions*"} | where-object {$_.name –notlike "*Microsoft.WebMediaExtensions*"} | where-object {$_.name –notlike "*Microsoft.WebpImageExtension*"} | where-object {$_.name –notlike "*Microsoft.Windows.Photos*"} | where-object {$_.name –notlike "*Microsoft.WindowsCalculator*"} | where-object {$_.name –notlike "*Microsoft.WindowsCamera*"} | where-object {$_.name –notlike "*Microsoft.ZuneMusic*"} | where-object {$_.name –notlike "*Microsoft.ZuneVideo*"} | Remove-AppxPackage
Get-AppxProvisionedPackage -Online | where-object {$_.name –notlike "*Microsoft.WindowsStore*"} | where-object {$_.name –notlike "*Microsoft.DesktopAppInstaller*"} | where-object {$_.name –notlike "*Microsoft.HEIFImageExtension*"} | where-object {$_.name –notlike "*Microsoft.MicrosoftStickyNotes*"} | where-object {$_.name –notlike "*Microsoft.MSPaint*"} | where-object {$_.name –notlike "*Microsoft.ScreenSketch*"} | where-object {$_.name –notlike "*Microsoft.StorePurchaseApp*"} | where-object {$_.name –notlike "*Microsoft.VP9VideoExtensions*"} | where-object {$_.name –notlike "*Microsoft.WebMediaExtensions*"} | where-object {$_.name –notlike "*Microsoft.WebpImageExtension*"} | where-object {$_.name –notlike "*Microsoft.Windows.Photos*"} | where-object {$_.name –notlike "*Microsoft.WindowsCalculator*"} | where-object {$_.name –notlike "*Microsoft.WindowsCamera*"} | where-object {$_.name –notlike "*Microsoft.ZuneMusic*"} | where-object {$_.name –notlike "*Microsoft.ZuneVideo*"} | Remove-AppxPackage
Answers (3)
Hi MABrooks
We use the below powershell script to remove all the metro apps and keep the main ones like Calcualtor.
Make this a Post Installaiton task on your K2000 or K1000 and it will deploy and remove all the Windows 10 bloatware.
https://github.com/Sycnex/Windows10Debloater/blob/master/Windows10Debloater.ps1
This will run when deployed and any user that logs on after will have a clean debloated profile.
Make sure your full command line is the same as below.
powershell -nologo -executionpolicy bypass -noprofile -file Windows10Debloater.ps1
Is this the sort of thing your looking for?
Kind Regards
Lawrence
Comments:
-
Thanks Lawrence, that appears to be what I was looking for. I'm testing creating a new sysprep image with everything we don't want already removed and copying the profile to see if that works, but if not, I'll definitely give this a go! - MABrooks 5 years ago
-
Hi Mabrooks
I would recommend trying to stay on the path of a scripted installation than a system image makes it more simple when imaging on different systems and also adding and updating software in the future.
The powershell above as a post installation on a scripted installation will help you complete the task you would like to do better than trying to do it in a system image.
If there is anything else i can help you with then please let me know.
Kind Regards
Lawrence - lonsdale97 5 years ago-
I hate to hijack this question but with the ps1 script, it prompts with questions. Is there a way to make it silent? I haven't ran it in powershell and not from the kace so the results might be different from there. - pbroussard 5 years ago
I stopped doing scripted installs, they are harder to customize in detail.
For images make sure you use the administrator account to copy to default and never never login with another user on your master. It creates problems removing store apps since another user had the app installed. Remove all the tiles under administrator and place the only what you want everyone to see.
If you do not use a VM for your master (I use a Dell 5050) make sure any apps installed by windows for the audio or video are removed in control panel - programs prior to sysprep
Our golden images for windows 10 (regular and LTSC) are minimal. We have all the browsers and they are configured how we want, we have the base adobe products. Also install things like the VPN then we can put the UNC in so users only need to enter name/password, configure VNC and a few minor programs. Also this gives everyone the same directory structure so programs like Firefox all will have the same path now vs unique per user in the profiles. easier to make changes when all machines are the same.
We do not install office till post the newer versions have some hard paths in the registry so if you install office prior everyone will have pointers to administrator directories in their profile. I copied the office install to a temp directory on my master. It installs post and then deletes the install.
I run a pin.ps1 to pin any tiles post like office after I install it
(New-Object -ComObject shell.application).Namespace('C:\Program Files (x86)\Microsoft Office\Office16\').parsename('excel.exe').invokeverb('pintostartscreen')
(New-Object -ComObject shell.application).Namespace('C:\Program Files (x86)\Microsoft Office\Office16\').parsename('powerpnt.exe').invokeverb('pintostartscreen')
(New-Object -ComObject shell.application).Namespace('C:\Program Files (x86)\Microsoft Office\Office16\').parsename('winword.exe').invokeverb('pintostartscreen')
We use post tasks and the SMA to finish the images.
If you keep the driver feed current a sysprep image will get its drivers just like a scripted image.
You can create your answer files with the tool Kace has https://www.itninja.com/blog/view/sysprep-creator-wizard
or use Microsoft's WSIM to create and validate.
I recommend using the Kace tool to build and the WSIM to validate the file and also encrypt the passwords.
On the Win10 images I have the cleanup.ps1 file that removes the apps we do not want. I run it manually prior to sysprep and also as my first post task when the machine comes out of sysprep. (app paranoia) and poke the registry to stop them re-pushing the commercial apps.
We push the same wim file to all our desktops and laptops without any problem. We have a lot of different models in use, even surface's they all take the image.
The method you choose should be based on skills available and what works best for your organization.
We image because in our classrooms the techs use WOL to wake machines, change boot to pxe with the SMA, cast image automatically from SDA, set bios back to hdd first mid level, never having to touch a machines except the occasional failure. New machines they set the bios and boot to pxe, choose image and walk away. most imaging can be done from a tech station in shop.
On admin they image replacement machine in shop, arranges with customer when they can have an hour to migrate them. take machine to their office, pull mig file to usb drive, remove old machine from domain, put new machine in place give it same name and join to domain and migrate back.
I used to run my PS1 file just prior to sysprep and copied the user to default so they were not here to begin with.
I also had to set this reg key or they came back for new users after a bit, try adding this to your post prior to running ps.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v DisableWindowsConsumerFeatures /d 00000001 /t REG_DWORD /f
Comments:
-
Thanks SMal. If I set the reg key, will it still allow the apps we want to keep to install, or will that disable all apps? - MABrooks 5 years ago
-
https://www.windowsmanagementexperts.com/disabling-windows-10-consumer-experience/disabling-windows-10-consumer-experience.htm - SMal.tmcc 5 years ago
-
Awesome, thanks again! I noticed you said you "used to" run prior to sysprep. Are you using GPO to manage it all now? Just curious what ways others use and prefer. - MABrooks 5 years ago
-
No we went to the LTSC version that does not have the store installed. You can still add the store back barebones if needed. We have had to do that for a couple of people for certain apps and that works great - SMal.tmcc 5 years ago
-
How exactly are you adding the store into a LTSC image? - RD94 5 years ago
dism /image:c:\mount /get-provisionedappxpackages
Lists the packages that exist in the WIM. Then i sorted out the ones I didn't want;
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.Getstarted_7.3.20251.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.Microsoft3DViewer_5.1902.20012.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.MicrosoftOfficeHub_18.1901.1141.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.MixedReality.Portal_2000.19010.1151.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.Office.OneNote_16001.11126.20076.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.OneConnect_5.1902.361.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.People_2019.123.2346.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.Print3D_3.3.311.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.SkypeApp_14.35.152.0_neutral_~_kzf8qxf38zg5c
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:microsoft.windowscommunicationsapps_16005.11029.20108.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.WindowsFeedbackHub_2019.226.2324.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.XboxApp_48.48.7001.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.XboxGameOverlay_1.32.17005.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.XboxGamingOverlay_2.26.14003.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe
dism /image:c:\mount /Remove-ProvisionedAppxPackage /PackageName:Microsoft.YourPhone_2018.1128.231.0_neutral_~_8wekyb3d8bbwe
Although all those version suffixes will probably drift over time. - L1ttl3J1m 5 years ago