Windows Office Hours: March 20, 2025
I’m not sure if this fits squarely in the scope of this session but here goes:
For years we’ve removed unwanted Windows Store apps (solitaire, Xbox, Bing News, etc) from install.wim using ‘dism.exe /Remove-ProvisionedAppxPackage’ before deploying a Windows image to new devices via SCCM. It only recently came to my attention that removing Appx provisioned packages from the Windows image is strongly discouraged and can cause problems, so I’m looking to revamp this part of the process. If we instead use AppLocker to block the unwanted Appx packages from running at all, this should prevent the Appx packages from installing into new user profiles during their initial logon, correct? And to completely remove the provisioned apps and prevent them from installing for each new user profile, we should have Intune uninstall the packages at the Device level (as opposed to the User level), correct?
- Jason_Sandys (Microsoft), Mar 20, 2025
Hi pc-88, no, blocking the running of an app using AppLocker will not prevent it from being provisioned for additional accounts (or installed). Removing apps depends on how exactly they were installed and/or provisioned in the first place. The general common practice that most orgs adopt for removing built-in apps is to run a script after Windows provisioning to remove them or to use Intune to deploy uninstalls for the apps (also after provisioning).
- pc-88 (Brass Contributor), Mar 20, 2025
Jason_Sandys Thanks. Am I correct in understanding that the Windows provisioning process is complete after OOBE is finished, and you've reached the Windows login screen?
- Jason_Sandys (Microsoft), Mar 20, 2025
The device portion of the provisioning process is complete, yes, however user provisioning won't happen until the user actually logs in for the first time.
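The thread distinguishes apps that are provisioned on the device (installed into each new profile at first logon) from apps already installed for users who have logged on. The following PowerShell sketch of a post-provisioning removal script handles both states; it is an added example, not code from the thread or from Microsoft. The package names are assumed identifiers for the Solitaire, Bing News and Xbox apps mentioned in the question and should be confirmed against `Get-AppxProvisionedPackage -Online` output on the target build.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed package names for the apps named in the question; verify them
    # on your own Windows build before relying on this list.
    [string[]]$DisplayName = @(
        'Microsoft.MicrosoftSolitaireCollection',
        'Microsoft.BingNews',
        'Microsoft.XboxApp'
    )
)

# 1. Provisioned packages: staged on the device and installed into every NEW
#    user profile at first logon. Removing them stops those future installs.
$provisioned = Get-AppxProvisionedPackage -Online |
    Where-Object { $DisplayName -contains $_.DisplayName }

foreach ($pkg in $provisioned) {
    if ($PSCmdlet.ShouldProcess($pkg.PackageName, 'Remove provisioned package')) {
        Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName | Out-Null
    }
}

# 2. Installed packages: already registered for users who have logged on.
#    Removing the provisioned copy does not touch these, so handle them too.
$installed = foreach ($name in $DisplayName) {
    Get-AppxPackage -AllUsers -Name $name
}

foreach ($pkg in $installed) {
    if ($PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove installed package for all users')) {
        Remove-AppxPackage -Package $pkg.PackageFullName -AllUsers
    }
}

# 3. Report what remains in each state so the result can be logged or checked.
[pscustomobject]@{
    StillProvisioned = @(Get-AppxProvisionedPackage -Online |
        Where-Object { $DisplayName -contains $_.DisplayName }).Count
    StillInstalled   = @($DisplayName |
        ForEach-Object { Get-AppxPackage -AllUsers -Name $_ }).Count
}
```

Running the script with `-WhatIf` lists the packages it would remove without changing anything.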