Solved Script to Clean up Windows 10 Start Menu?
Cleaning up existing users for a script can likely be challenging without making all kinds of assumptions or asking a million questions of the users.
That's why I think you see all of these scripts designed for new setups, not existing ones.
Tis blog post points to a PowerShell script you can use to remove most of the built in apps. -
@JasGot said in Script to Clean up Windows 10 Start Menu:
@Obsolesce said in Script to Clean up Windows 10 Start Menu:
This one let's you get granular and has a GUI where you can import and export a start menu.
Well. I had high hopes for this. Or, better yet, my expectations were too high. After testing for two minutes, I've decided the app is not for me. Maybe I'll use it just to clear out the start menu with the Start Menu> Empty Start Menu XML template (I'll try that in a minute...).
The first thing I did was Check All on the Win10 crAPPs page and then Check All on the App & Privacy Settings page. Ran both removers and was left with this:
Reboot after you run it. Whatever you are left with after that has to be done in audit mode pre initial user login. That's not a limitation of the script, but a limitation of how Windows does it.
@JasGot said in Script to Clean up Windows 10 Start Menu:
That's hardly a cleanup.
Oh, and I just tried the Empty Start Menu template....You can only apply it to new users.
Darn, I was so excited.Start menu layout can only be changed in that way for new users that haven't logged on to the system yet.
Again, not a script limitation, but how Windows makes it.
@Obsolesce said in Script to Clean up Windows 10 Start Menu:
@JasGot said in Script to Clean up Windows 10 Start Menu:
That's hardly a cleanup.
Oh, and I just tried the Empty Start Menu template....You can only apply it to new users.
Darn, I was so excited.Start menu layout can only be changed in that way for new users that haven't logged on to the system yet.
Again, not a script limitation, but how Windows makes it.
Pretty sure you can get powershell to tell you all the store installed crap - and then uninstall it, on a user by user basis...
And as mentioned, a reboot might show much of that stuff gone.
After three days of exploring this. I'm giving up. I can remove the tiles faster by hand.
I chose to forego all the existing scripts because they either don't work, or they uninstall items. There are too many hooks between too many apps to be confident in uninstalling apps without potential consequences.
With all the failures in modifying Start Menu items coming from Microsoft changes, I just can't take the chance that a production machine won't have an issue later (mostly with updates) because an app was removed.
I have also found that there is either no way (or the process is broke) to use XML to control the Start Menu for an existing user (without GPO).
And to top it all off, it appears the ability to modify the Taskbar is broke in 1803 or only works intermittently. Further, in all of the 100's of posts I've read, no one can actually provide a working example. It seems as though every time someone says "I got it working", some else says "post your XML", and they can't because it suddenly isn't working again.
I had narrowed the choices down to one:
but I was unable to make it work 100% of the time. I did not check to see if the unreliability was caused by varying levels of updates; I need it to work across all updates, because I need the start menu modification to work after the upgrade to 10 and before all the updates have taken place. I need to be able to go from 7 to 10 with a custom start menu in under an hour. If I have to wait for certain updates to apply, it could take two full days.I'll keep searching for a solution, but for now, the Windows 10 upgrades are on hold.
Interesting - I've been using the 1803 version of the script for 9 months now with zero problems. I'll post my script and XML later today.
I modified the original script to leave things like the camera in place. You'll need to read through it to see if it suits you.
#Windows 10 Decrapifier 1803 #By CSAND #July 17 2018 # # #PURPOSE: Eliminate much of the bloat that comes with Windows 10. Change many privacy settings to be off by default. Remove built-in advertising, Cortana, OneDrive, xBox stuff (all optional). Disable some data collection. # Clean up the start menu for new user accounts. Remove a bunch of pre-insalled apps, or all of them (including the store). Create a more professional looking W10 experience. Changes some settings no longer # available via GPO for Professional edition. # #DISCLAIMER: Most of the changes are easily undone, but some like removing the store are difficult to undo. I encourage you to research these changes beforehand, and read through the script. # Each section is described with comments, to make it easier to see what's going on. # # #INSTRUCTIONS: For best results use the following how-tos. Running from an existing profile on an "in-use" machine won't affect any already-existing user profiles and won't give the best results. # Read through the script to see what is disabled, and comment out anything you want to keep. # #Single machine how-to: # # #Basic MDT how-to: # # # #Join the Spiceworks Decrapifier community group on Spiceworks to get help or make suggestions! # # # #OFFICIAL DOWNLOAD: # #This is the only place I post any updates to this script. # #Previous versions: # # # # # #***Switches*** # #Switch Function #--------------------------- #No switches Disables unnecessary services and scheduled tasks. Removes all UWP apps except for some useful ones. Disables Cortana, OneDrive, restricts default privacy settings and cleans up the default start menu. #-allapps Removes ALL apps including the store. Make sure this is what you want before you do it. It can be tough to get the store back. #-leavetasks Leaves scheduled tasks alone. #-leaveservices Leaves services alone. #-appaccess Leaves privacy/access options alone - depending on your usage, some issues can be prevented by leaving them with default (unrestricted) permissions. They are set to restricted by default in this script. #-clearstart Empties the start menu completely leaving you with just the apps list. #-onedrive Leaves all OneDrive content fully functional. #-tablet Use this for tablets or 2-in-1s to leave location and sensors enabled. #-cortana Leave Cortana and web enabled search intact... if that's what you really want. #-xbox Leave xbox apps and related items. #-appsonly Only removes apps, doesn't touch privacy settings, services, and scheduled tasks. Cannot be used with -settingsonly switch. Can be used with all the others. #-settingsonly Only adjusts privacy settings, services, and scheduled tasks. Leaves apps. Cannot be used with -appsonly switch. Can be used with all others (-allapps won't do anything in that case, obviously). [cmdletbinding(DefaultParameterSetName="Decrapifier")] param ( [switch]$allapps, [switch]$leavetasks, [switch]$leaveservices, [switch]$appaccess, [switch]$onedrive, [switch]$xbox, [switch]$tablet, [switch]$cortana, [switch]$clearstart, [Parameter(ParameterSetName="AppsOnly")] [switch]$appsonly, [Parameter(ParameterSetName="SettingsOnly")] [switch]$settingsonly ) #------USER EDITABLE VARIABLES - change these to your tastes!------ #Apps to keep. Wildcard is implied so try to be specific enough to not overlap with apps you do want removed. #Make sure not begin or end with a | (vertical line) ex: "app|app2" - good. "|app|app2|" - bad. $GoodApps = "camera|microphone|store|calculator|sticky||soundrecorder|mspaint" #Start Menu XML. If you run the script without -clearstart, the XML below will be used for a custom start layout. By default it just leaves File Explorer, classic Control Panel, and Snipping Tool tiles. #Place your XML like so: # $StartLayourStr = @" # <**YOUR START LAYOUT XML**> # "@ $StartLayoutStr = @" <?xml version="1.0" encoding="utf-8"?> <LayoutModificationTemplate xmlns="" xmlns:defaultlayout="" xmlns:start="" xmlns:taskbar="" Version="1"> <LayoutOptions StartTileGroupCellWidth="6" /> <DefaultLayoutOverride> <StartLayoutCollection> <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout=""> <start:Group Name="" xmlns:start=""> <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" /> </start:Group> </defaultlayout:StartLayout> </StartLayoutCollection> </DefaultLayoutOverride> <CustomTaskbarLayoutCollection PinListPlacement="Replace"> <defaultlayout:TaskbarLayout> <taskbar:TaskbarPinList> <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" /> </taskbar:TaskbarPinList> </defaultlayout:TaskbarLayout> </CustomTaskbarLayoutCollection> </LayoutModificationTemplate> "@ #------End editable variables------ #---Functions--- #Appx removal #First determines based on -onedrive and -xbox switches whether to also leave Onedrive apps, xBox apps, both, or none. Then removes all apps or some apps depending on -allapps. Function RemoveApps { If ($onedrive -and !$xbox){ $GoodApps = "$GoodApps|oneconnect|skydrive"} Elseif (!$onedrive -and $xbox) { $GoodApps = "$GoodApps|xbox"} Elseif ($onedrive -and $xbox) { $GoodApps = "$GoodApps|xbox|oneconnect|skydrive"} Else {} If ($allapps) { Write-Host "***Removing all apps and provisioned appx packages for this machine...***" Get-AppxPackage -allusers | Remove-AppxPackage -erroraction silentlycontinue Get-AppxPackage -allusers | Remove-AppxPackage -erroraction silentlycontinue Get-AppxProvisionedPackage -online | Remove-AppxProvisionedPackage -online -erroraction silentlycontinue } Else { Write-Host "***Removing many apps and provisioned appx packages for this machine...***" Get-AppxPackage -allusers | where-object {$ -notmatch $GoodApps} | Remove-AppxPackage -erroraction silentlycontinue Get-AppxPackage -allusers | where-object {$ -notmatch $GoodApps} | Remove-AppxPackage -erroraction silentlycontinue Get-AppxProvisionedPackage -online | where-object {$_.displayname -notmatch $goodapps} | Remove-AppxProvisionedPackage -online -erroraction silentlycontinue } } #Disable scheduled tasks #Tasks: Various CEIP and information gathering/sending tasks. Function DisableTasks { If ($leavetasks) { Write-Host "***Leavetasks switch set - leaving scheduled tasks alone...***" } Else { Write-Host "***Disabling some unecessary scheduled tasks...***" Get-Scheduledtask "Microsoft Compatibility Appraiser","ProgramDataUpdater","Consolidator","KernelCeipTask","UsbCeip","Microsoft-Windows-DiskDiagnosticDataCollector", "GatherNetworkInfo","QueueReporting" -erroraction silentlycontinue | Disable-scheduledtask } } #Disable services Function DisableServices { If ($leaveservices) { Write-Host "***Leaveservices switch set - leaving services alone...***" } Else { Write-Host "***Stopping and disabling some services...***" #Diagnostics tracking WMP Network Sharing Get-Service Diagtrack,WMPNetworkSvc -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled #WAP Push Message Routing NOTE Sysprep w/ Generalize WILL FAIL if you disable the DmwApPushService. Commented out by default. #Get-Service DmwApPushService -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled #xbox services If ($xbox){ } Else { #Disable xbox services - "xBox Game Monitoring Service" - XBGM - Can't be disabled (access denied) Get-Service XblAuthManager,XblGameSave,XboxNetApiSvc -erroraction silentlycontinue | stop-service -passthru | set-service -startuptype disabled } #OneDrive services If ($onedrive) { } Else { #Disable OneDrive Sync service Get-Service OneSyncSvc | stop-service -passthru | set-service -startuptype disabled } } } #Registry change functions #Load default user hive Function loaddefaulthive { reg load "$reglocation" c:\users\default\ntuser.dat } #unload default user hive Function unloaddefaulthive { [gc]::collect() reg unload "$reglocation" } #Set current and default user registry settings Function RegSetUser { #Start menu suggestions Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SystemPaneSuggestionsEnabled" /D 0 /F #Show suggested content in settings Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338393Enabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-353694Enabled" /D 0 /F #Show suggestions occasionally Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338388Enabled" /D 0 /F #Multitasking - Show suggestions in timeline Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-353698Enabled" /D 0 /F #Lockscreen suggestions, rotating pictures Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SoftLandingEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "RotatingLockScreenEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "RotatingLockScreenOverlayEnabled" /D 0 /F #Preinstalled apps, Minecraft Twitter etc all that - Enterprise only it seems Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "PreInstalledAppsEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "PreInstalledAppsEverEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "OEMPreInstalledAppsEnabled" /D 0 /F #MS shoehorning apps quietly into your profile Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SilentInstalledAppsEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "ContentDeliveryAllowed" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContentEnabled" /D 0 /F #Ads in File Explorer Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V "ShowSyncProviderNotifications" /D 0 /F #Show me the Windows welcome experience after updates and occasionally Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-310093Enabled" /D 0 /F #Get tips, tricks, suggestions as you use Windows Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-338389Enabled" /D 0 /F #Auto update and download of Windows Store Apps - comment in to disable if you are not using the store #Reg Add "$reglocation\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "AutoDownload" /D 2 / #Privacy Settings #Let websites provide local content by accessing language list - appears to reset during OOBE * Reg Add "$reglocation\Control Panel\International\User Profile" /T REG_DWORD /V "HttpAcceptLanguageOptOut" /D 1 /F #Ask for feedback Reg Add "$reglocation\SOFTWARE\Microsoft\Siuf\Rules" /T REG_DWORD /V "NumberOfSIUFInPeriod" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Siuf\Rules" /T REG_DWORD /V "PeriodInNanoSeconds" /D 0 /F #Let apps use advertising ID Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /T REG_DWORD /V "Enabled" /D 0 /F #Let Windows track app launches to improve start and search results - includes run history Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /T REG_DWORD /V "Start_TrackProgs" /D 0 /F #Tailored experiences - Diagnostics & Feedback settings Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Privacy" /T REG_DWORD /V "TailoredExperiencesWithDiagnosticDataEnabled" /D 0 /F #Let apps on other devices open messages and apps on this device - Shared Experiences settings Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" /T REG_DWORD /V "RomeSdkChannelUserAuthzPolicy" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CDP" /T REG_DWORD /V "CdpSessionUserAuthzPolicy" /D 0 /F #Speech Inking & Typing Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /T REG_DWORD /V "Enabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization" /T REG_DWORD /V "RestrictImplicitTextCollection" /D 1 /F Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization" /T REG_DWORD /V "RestrictImplicitInkCollection" /D 1 /F Reg Add "$reglocation\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /T REG_DWORD /V "HarvestContacts" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Personalization\Settings" /T REG_DWORD /V "AcceptedPrivacyPolicy" /D 0 /F #Improve inking & typing recognition Reg Add "$reglocation\SOFTWARE\Microsoft\Input\TIPC" /T REG_DWORD /V "Enabled" /D 0 /F #Pen & Windows Ink - Show recommended app suggestions Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\PenWorkspace" /T REG_DWORD /V "PenWorkspaceAppSuggestionsEnabled" /D 0 /F #People #Show My People notifications Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People\ShoulderTap" /T REG_DWORD /V "ShoulderTap" /D 0 /F #Show My People app suggestions Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /T REG_DWORD /V "SubscribedContent-314563Enabled" /D 0 /F #People on Taskbar Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" /T REG_DWORD /V "PeopleBand" /D 0 /F #Other Settings #Use Autoplay for all media and devices Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /T REG_DWORD /V "DisableAutoplay" /D 1 /F #Taskbar search, personal preference. 0 = no search, 1 = search icon, 2 = search bar Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "SearchboxTaskbarMode" /D 0 /F #Allow search to use location if it's enabled Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "AllowSearchToUseLocation" /D 0 /F #--Optional User Settings-- #App permissions user settings, these are all available from the settings menu If ($appaccess) { } Else{ #App permissions #Location - see tablet settings #Camera #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam" /T REG_SZ /V "Value" /D Deny /F #Microphone #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone" /T REG_SZ /V "Value" /D Deny /F #Notifications - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{52079E78-A92B-413F-B213-E8FE35712E72}" /T REG_SZ /V "Value" /D Deny /F #Account Info Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /T REG_SZ /V "Value" /D Deny /F #Contacts Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /T REG_SZ /V "Value" /D Deny /F #Calendar Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /T REG_SZ /V "Value" /D Deny /F #Call history Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /T REG_SZ /V "Value" /D Deny /F #Email Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /T REG_SZ /V "Value" /D Deny /F #Tasks Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /T REG_SZ /V "Value" /D Deny /F #TXT/MMS Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /T REG_SZ /V "Value" /D Deny /F #Radios - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /T REG_SZ /V "Value" /D Deny /F #Other Devices - reset during OOBE #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /T REG_SZ /V "Value" /D Deny /F #Cellular Data Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\cellularData" /T REG_SZ /V "Value" /D Deny /F #Allow apps to run in background global setting Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /T REG_DWORD /V "GlobalUserDisabled" /D 1 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "BackgroundAppGlobalToggle" /D 0 /F #App Diagnostics - doesn't appear to work in 1803, setting hasn't been moved as of 1803 like most of the others #Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2297E4E2-5DBE-466D-A12B-0F8286F0D9CA}" /T REG_SZ /V "Value" /D Deny /F #My Documents Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /T REG_SZ /V "Value" /D Deny /F #My Pictures Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /T REG_SZ /V "Value" /D Deny /F #My Videos Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /T REG_SZ /V "Value" /D Deny /F #File System Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /T REG_SZ /V "Value" /D Deny /F } #Disable Cortana - use -cortana to leave it on If ($cortana){ } Else{ #Disable Cortana and Bing search user settings Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CanCortanaBeEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "BingSearchEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "DeviceHistoryEnabled" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaConsent" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "CortanaInAmbientMode" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Speech_OneCore\Preferences" /T REG_DWORD /V "VoiceActivationEnableAboveLockscreen" /D 0 /F #Disable Cortana search history Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /T REG_DWORD /V "HistoryViewEnabled" /D 0 /F } #Tablet Settings - use -tablet switch to leave these on If ($tablet) { } Else { #Deny access to location and sensors Reg Add "$reglocation\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Permissions\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /T REG_DWORD /V "SensorPermissionState" /D 0 /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /T REG_SZ /V "Value" /D Deny /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E6AD100E-5F4E-44CD-BE0F-2265D88D14F5}" /T REG_SZ /V "Value" /D Deny /F Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /T REG_SZ /V "Value" /D Deny /F } #Game settings - use -xbox to leave these on If ($xbox) { } Else { #Disable Game DVR Reg Add "$reglocation\System\GameConfigStore" /T REG_DWORD /V "GameDVR_Enabled" /D 0 /F } #OneDrive settings - use -onedrive switch to leave these on If ($onedrive) { } Else { #Disable Onedrive startup run user settings Reg Add "$reglocation\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /T REG_BINARY /V "OneDrive" /D 0300000021B9DEB396D7D001 /F } #End user registry settings } #Set local machine settings and local group policies Function RegSetMachine { #--Local GP settings-- CONVERT THESE TO HKCU / DEFAULT / HKLM WHERE POSSIBLE #Can be adjusted in GPedit.msc in Pro+ editions. #Local Policy\Computer Config\Admin Templates\Windows Components #/Application Compatibility #Turn off Application Telemetry Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /T REG_DWORD /V "AITEnable" /D 0 /F #Turn off inventory collector Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /T REG_DWORD /V "DisableInventory" /D 1 /F #/Cloud Content #Do not show Windows Tips Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableSoftLanding" /D 1 /F #Turn off Consumer Experiences Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableWindowsConsumerFeatures" /D 1 /F #3rd party suggestions Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableThirdPartySuggestions" /D 1 /F #Turn off all spotlight features #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /T REG_DWORD /V "DisableWindowsSpotlightFeatures" /D 1 /F #/Data Collection and Preview Builds #Set Telemetry to off (switches to 1:basic for W10Pro and lower) Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V "AllowTelemetry" /D 0 /F #Disable pre-release features and settings #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /T REG_DWORD /V "EnableConfigFlighting" /D 0 /F #Do not show feedback notifications Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /T REG_DWORD /V "DoNotShowFeedbackNotifications" /D 1 /F #/Microsoft Edge #Always send do not track Reg Add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main" /T REG_DWORD /V "DoNotTrack" /D 1 /F #/Store #Turn off Automatic download/install of app updates - comment in if you aren't using the store - also in HKCU #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "AutoDownload" /D 2 /F #Disable all apps from store, left disabled by default #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "DisableStoreApps" /D 1 /F #Turn off Store, left disabled by default #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\WindowsStore" /T REG_DWORD /V "RemoveWindowsStore" /D 1 /F #/Sync your settings #Do not sync (anything) Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /T REG_DWORD /V "DisableSettingSync" /D 2 /F #Disallow users to override this Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /T REG_DWORD /V "DisableSettingSyncUserOverride" /D 1 /F #Windows Search #Set what info is shared in search to anonymous only (may be deprecated) Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "ConnectedSearchPrivacy" /D 3 /F #!!!None of these effective anymore in 1803!!! #Disallow web search from desktop search #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "DisableWebSearch" /D 1 /F #Don't search the web or display web results in search #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "ConnectedSearchUseWeb" /D 0 /F #Don't allow search to use location #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowSearchToUseLocation" /D 0 /F #/Windows Update #Turn off featured SOFTWARE notifications through WU (basically ads) Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /T REG_DWORD /V "EnableFeaturedSoftware" /D 0 /F #--Non Local GP Settings-- #Delivery Optimization settings - sets to 1 for LAN only, change to 0 for off Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /T REG_DWORD /V "DownloadMode" /D 1 /F Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /T REG_DWORD /V "DODownloadMode" /D 1 /F Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /T REG_DWORD /V "DownloadMode" /D 1 /F #Disabling advertising info and device metadata collection for this machine Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /T REG_DWORD /V "Enabled" /D 0 /F Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /V "PreventDeviceMetadataFromNetwork" /T REG_DWORD /D 1 /F #Disable CEIP. GP setting at: Computer Config\Admin Templates\System\Internet Communication Managemen\Internet Communication settings Reg Add "HKLM\SOFTWARE\Microsoft\SQMClient\Windows" /T REG_DWORD /V "CEIPEnable" /D 0 /F #Prevent using sign-in info to automatically finish setting up after an update Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /T REG_DWORD /V "ARSOUserConsent" /D 2 /F #Prevent apps on other devices from opening apps on this one - disables phone pairing #Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SmartGlass" /T REG_DWORD /V "UserAuthPolicy" /D 0 /F #Enable diagnostic data viewer Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey" /T REG_DWORD /V "EnableEventTranscript" /D 1 /F #Disable Edge desktop shortcut Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /T REG_DWORD /V "DisableEdgeDesktopShortcutCreation" /D 1 /F #Filter web content through smartscreen. Left enabled by default. #Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /T REG_DWORD /V "EnableWebContentEvaluation" /D 0 /F #--Optional Machine Settings-- #Disable Cortana - use -cortana to leave it on If ($cortana){ } Else{ #Cortana local GP - Computer Config\Admin Templates\Windows Components\Search #Disallow Cortana Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowCortana" /D 0 /F #Disallow Cortana on lock screen - seems pointless with above setting, may be deprecated, covered by HKCU anyways #Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /T REG_DWORD /V "AllowCortanaAboveLock" /D 0 /F } #Tablet Settings - use -tablet switch to leave these on If ($tablet) { } Else { #Turn off location - global Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /T REG_SZ /V "Value" /D Deny /F } #Game settings - use -xbox to leave these on If ($xbox) { } Else { #Disable Game Monitoring Service Reg Add "HKLM\SYSTEM\CurrentControlSet\Services\xbgm" /T REG_DWORD /V "Start" /D 4 /F } #OneDrive settings - use -onedrive switch to leave these on If ($onedrive) { } Else { #Prevent usage of OneDrive local GP - Computer Config\Admin Templates\Windows Components\OneDrive Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /T REG_DWORD /V "DisableFileSyncNGSC" /D 1 /F Reg Add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /T REG_DWORD /V "DisableFileSync" /D 1 /F #Remove OneDrive from File Explorer Reg Add "HKCR\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /T REG_DWORD /V "System.IsPinnedToNameSpaceTree" /D 0 /F Reg Add "HKCR\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /T REG_DWORD /V "System.IsPinnedToNameSpaceTree" /D 0 /F } #End machine registry settings } #Registry change function - 1st pass HKCU, 2nd pass default NTUSER.dat Function RegChange { Write-Host "***Setting registry for current and default user, and policies for local machine...***" $reglocation = "HKCU" regsetuser $reglocation = "HKLM\AllProfile" loaddefaulthive; regsetuser; unloaddefaulthive $reglocation = $null regsetmachine Write-Host "***Registry set current user and default user, and policies set for local machine!***" } #Clean up the default start menu Function ClearStartMenu { If ($clearstart) { Write-Host "***Setting empty start menu for new profiles...***" #Don't edit this. Creates empty start menu if -clearstart is used. $StartLayoutStr = @" <LayoutModificationTemplate Version="1" xmlns="" xmlns:defaultlayout="" xmlns:start="" xmlns:taskbar=""> <LayoutOptions StartTileGroupCellWidth="6" /> <DefaultLayoutOverride> <StartLayoutCollection> <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout=""> </defaultlayout:StartLayout> </StartLayoutCollection> </DefaultLayoutOverride> </LayoutModificationTemplate> "@ add-content $Env:TEMP\startlayout.xml $StartLayoutStr import-startlayout -layoutpath $Env:TEMP\startlayout.xml -mountpath $Env:SYSTEMDRIVE\ remove-item $Env:TEMP\startlayout.xml } Else { Write-Host "***Setting clean start menu for new profiles...***" #Custom start layout XML near the top of the script. add-content $Env:TEMP\startlayout.xml $StartLayoutStr import-startlayout -layoutpath $Env:TEMP\startlayout.xml -mountpath $Env:SYSTEMDRIVE\ remove-item $Env:TEMP\startlayout.xml } } #Goodbye Message Function Function Goodbye { Write-Host "*******Decrapification complete.*******" Write-Host "*******Remember to set your execution policy back! Set-Executionpolicy restricted is the Windows 10 default.*******" Write-Host "*******Reboot your computer now!*******" } #---End of functions--- #Decrapify Write-Host "******Decrapifying Windows 10...******" If ($appsonly) { RemoveApps ClearStartMenu Goodbye }Elseif ($settingsonly) { DisableTasks DisableServices RegChange ClearStartMenu Goodbye }Else { RemoveApps DisableTasks DisableServices RegChange ClearStartMenu Goodbye }
And my xml - which is auto generated by the above script.
<?xml version="1.0" encoding="utf-8"?> <LayoutModificationTemplate xmlns="" xmlns:defaultlayout="" xmlns:start="" xmlns:taskbar="" Version="1"> <LayoutOptions StartTileGroupCellWidth="6" /> <DefaultLayoutOverride> <StartLayoutCollection> <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout=""> <start:Group Name="" xmlns:start=""> <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk" /> <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" /> </start:Group> </defaultlayout:StartLayout> </StartLayoutCollection> </DefaultLayoutOverride> <CustomTaskbarLayoutCollection PinListPlacement="Replace"> <defaultlayout:TaskbarLayout> <taskbar:TaskbarPinList> <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" /> <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" /> </taskbar:TaskbarPinList> </defaultlayout:TaskbarLayout> </CustomTaskbarLayoutCollection> </LayoutModificationTemplate> "@
@JasGot said in Script to Clean up Windows 10 Start Menu:
After three days of exploring this. I'm giving up. I can remove the tiles faster by hand.
I chose to forego all the existing scripts because they either don't work, or they uninstall items. There are too many hooks between too many apps to be confident in uninstalling apps without potential consequences.
With all the failures in modifying Start Menu items coming from Microsoft changes, I just can't take the chance that a production machine won't have an issue later (mostly with updates) because an app was removed.
I have also found that there is either no way (or the process is broke) to use XML to control the Start Menu for an existing user (without GPO).
And to top it all off, it appears the ability to modify the Taskbar is broke in 1803 or only works intermittently. Further, in all of the 100's of posts I've read, no one can actually provide a working example. It seems as though every time someone says "I got it working", some else says "post your XML", and they can't because it suddenly isn't working again.
I had narrowed the choices down to one:
but I was unable to make it work 100% of the time. I did not check to see if the unreliability was caused by varying levels of updates; I need it to work across all updates, because I need the start menu modification to work after the upgrade to 10 and before all the updates have taken place. I need to be able to go from 7 to 10 with a custom start menu in under an hour. If I have to wait for certain updates to apply, it could take two full days.I'll keep searching for a solution, but for now, the Windows 10 upgrades are on hold.
Looks like you need to step out of the home user shell and pony up the resources to properly manage Win10 for a business.
Or you are stuck doing it manually. There are a lot of tools that work super well that you have dismissed simply because you want to do it in a way it's not designed.
We got it cleaned up and working well in the SMB I was at before because we did it the way it was designed to work and be managed.
@Dashrender said in Script to Clean up Windows 10 Start Menu:
Interesting - I've been using the 1803 version of the script for 9 months now with zero problems. I'll post my script and XML later today.
Do you apply the changes for deployment / before the users logs in to the computer? or apply them to the user after they have logged in?
That's a huge road block for us.
@Dashrender said in Script to Clean up Windows 10 Start Menu:
Interesting - I've been using the 1803 version of the script for 9 months now with zero problems. I'll post my script and XML later today.
Also, are you importing the xml with powershell? or are you referencing the xml with a registry setting? (either local or though GPO)
@Obsolesce said in Script to Clean up Windows 10 Start Menu:
Looks like you need to step out of the home user shell and pony up the resources to properly manage Win10 for a business.
Or you are stuck doing it manually. There are a lot of tools that work super well that you have dismissed simply because you want to do it in a way it's not designed.
We got it cleaned up and working well in the SMB I was at before because we did it the way it was designed to work and be managed.Care to expound on your comment?
@JasGot said in Script to Clean up Windows 10 Start Menu:
@Dashrender said in Script to Clean up Windows 10 Start Menu:
Interesting - I've been using the 1803 version of the script for 9 months now with zero problems. I'll post my script and XML later today.
Do you apply the changes for deployment / before the users logs in to the computer? or apply them to the user after they have logged in?
That's a huge road block for us.
Always before, we're a business so always before. and I just carry that same process when I build a computer at home.
@JasGot said in Script to Clean up Windows 10 Start Menu:
@Obsolesce said in Script to Clean up Windows 10 Start Menu:
Looks like you need to step out of the home user shell and pony up the resources to properly manage Win10 for a business.
Or you are stuck doing it manually. There are a lot of tools that work super well that you have dismissed simply because you want to do it in a way it's not designed.
We got it cleaned up and working well in the SMB I was at before because we did it the way it was designed to work and be managed.Care to expound on your comment?
Why are you trying to clean these things up after you deployed the machines? that's to late to worry about it.
Personally - if you're just trying to clean out the crap after already deploying machines - log in as an admin - wipe their profile, run the script, have them log back in now with a new cleaner profile.
@Dashrender said in Script to Clean up Windows 10 Start Menu:
Always before, we're a business so always before. and I just carry that same process when I build a computer at home.
Okay. That's the difference. So many of these scripts don't work after the user has logged in.
@Dashrender said in Script to Clean up Windows 10 Start Menu:
Why are you trying to clean these things up after you deployed the machines? that's to late to worry about it.
In this case, they are Windows 10 in place upgrades from Windows 7. The users have been using them for years.
In other cases, we have just taken over the IT and didn't have the luxury of deploying image based computing.
And most importantly, our average customer is 25-250 employees and we do not have the luxury of dictating the policies when it comes to how and where people put their stuff.
I have to weigh the pros and cons before I decide to make a new profile something we do for the in place upgrades. There are many config and personalization items that would have to be rebuilt. Not to mention the whole printer addiction people have. I suppose I could extract local and remote printers from their registry and import those too. That is another round of testing; for another day.
@Dashrender I appreciate you providing this. It has been very helpful.
@JasGot said in Script to Clean up Windows 10 Start Menu:
In this case, they are Windows 10 in place upgrades from Windows 7. The users have been using them for years.
Sorry to hear that, but explains a lot.... and is also the source of the problem.
Does anyone know off-hand if the script has to run on a new profile, or does it have to be run before a profile logs in to windows 10?
@JasGot said in Script to Clean up Windows 10 Start Menu:
Does anyone know off-hand if the script has to run on a new profile, or does it have to be run before a profile logs in to windows 10?
Good question - I don't know.
I've only ever run it in audit mode.
I can probably spin up a machine tomorrow and test it - skip audit mode, make the normal first user, run the script.. make another local user.. reboot log in as that new user and see.