12-31-2018 09:41 AM
12-31-2018 09:41 AM
I am responsible for running some Win 10 computers in our group (there is no formal admin position), and on 22 Dec 2018, several people mentioned that new apps had been installed on their computers without their consent. An example includes a Xing app.
Our users are local admins, but it seems that nobody installed these apps. I was asked to remove the apps and prevent this from happening again, but I cannot even uninstall the apps. We are not running a domain controller, all computers are independent (they can access a common share on a file server).
How can I remove the apps and prevent this from happening again? I would prefer a solution that can be replicated to all my machines without too much manual intervention (e.g., some shell script or command).
It would be OK for me to completely disable the store if that is needed, we do not use it.
01-01-2019 05:00 AM
There's a lot going on here it seems. Before being able to really answer the application installation question I'd need to get some additional information about the environment. Details are important.
When you say there's no Domain Controller and that all of the machines are 'independent', what do you mean? Are they all running Windows 10 without a company login to AD (Azure or Local)? Also, what edition is running on the Windows 10 devices themselves? Is it Home, Pro, Enterprise? Is there any central management of the devices themselves as in Microsoft Intune or 3rd Party tool?
01-01-2019 05:00 AM
While disabling the Windows store is not highly recommended, more and more features are using modern applications - it is however an option! I assume these machines are Windows 10 Pro, as they are not connected to a domain. On each machine since they are not domain connected Edit local Group policy and go to Computer Configuration -> Administrative Templates -> Windows Components -> Store; in the Settings pane on the right, double click Turn off Store application, select Enabled in the properties page for the policy and click OK. See this link for details https://social.technet.microsoft.com/Forums/en-US/a8405957-5025-427e-9405-331b1a8dde21/uninstall-or-...
You also have some other options to disable downloads etc so you may want to experiment with limiting rather than disabling completely.
You can also remove applications individually - I have done this lots at Image build time -
Get-AppxPackage *windowsmaps* | Remove-AppxPackage will remove the Maps using powershell
This article details it fairly well on how its done https://www.thewindowsclub.com/remove-built-windows-10-apps-users-using-powershell-script
If you remove the applications and don't disable the Local policy to update apps in the store on an nondomain joined PC, the store apps may show back up depending on how the PC is being patched so consider that... If the machines are being managed via Intune, you also have some options... Let me know
01-02-2019 12:47 AM
The machines are running Win 10 Pro, and there is no central configuration (including no company login) of any kind. This is a scientific environment and we only have a few users.
I know that I will have to perform the operations on each PC given this configuration, but all the instructions I found included lengthy edits of the registry and creating scripts to remove all junk applications manually (at least adding their names hard-coded one by one to a script that then does remove them). This is clearly not optimal as it is gonna break the next time Microsoft adds more unwanted apps to their installation list.
I was hoping that maybe somebody else had already created a script or tool to do this and could point me into the right direction.
01-02-2019 12:56 AM
Thanks for the links and detailed explanation.
I read about the script solution using Get-AppxPackage *windowsmaps* | Remove-AppxPackage before, but that does of course mean I have to hard-code the app names and the next time Microsoft adds new ones, people are gonna show up at my desk.
I will be investigating further and update this if I find a better solution. We are mainly running scientific software that does not use the store, but as you say, I would expect that turning it off may cause other trouble some day.
I will also check Intune, thanks for the suggestion.