Ask a new question

How to remove Windows Packaged Apps from Domain Users

Dear Community,


I have not found a good way to remove most of my Domain Users' Windows Packaged Apps.


A. I cannot use AppLocker from GPO, because my users are using Windows 10 Pro. 

   I believe AppLocker only applies for Windows 10 Enterprise and Education.


B. I cannot use User Policy : "Don' run specified Windows applications" for packaged apps.


C. I do not want to use User Policy : "Run only specified Windows application" because my Domain Users' need to use a few of packaged apps


D. Some Windows Packaged Apps can be disabled by editing the folder name in Windows\SystemApps. This method applies to the Computer, and I do not want to do this method on every Computers.


E. I cannot run Powershell script from GPO, because the script will run as System, instead of Domain/Local Administrator or Domain Users


F. I have been trying to use Powershell for the past few days. 

I logged in to a Domain User profile, then I run Powershell as Administrator, both as Domain Administrator and Local Administrator. 

The domain user has it's roaming profile disabled.


This is what I did:

1. Run Powershell on a Domain User's profile as an administrator

2. get-appxpackage -allusers *print3D* | remove-appxpackage

3. To my surprise, the aforementioned script removed the packaged app from the Administrator's profile, not from the domain user's profile.

4. Cry a little bit


G. Cry a little bit more, enroll Domain Users as Administrators, manually uninstall Windows Packaged App from every Domain Users, with roaming profile enabled, remove Domain Users from Administrators.


H. Make a petition to ask Microsoft to allow AppLocker on Windows 10 Pro.

Answer
Answer
Packages are not automatically installed for the user, but if they visit the Store they will be able to add any package you removed, hence the reason why after removing the unwanted packages you need to use GPO to make the Store private and only advertise the packages you want to be available.

I'm not sure I understand the question about roaming profile, but I assume you're asking if the app will be available on a different computer. No, not unless it was previously installed for that user on that machine.

On the last question, apps that are not pre-installed are usually limited to the user profile (%LocalAppData\Packages%).

Apps that are pre-installed but not part of the Windows 10 core experience are available to all users (%ProgramFiles%\WindowsApps) and store per-user settings in the user profile.

Last apps that have to do with the common Windows 10 experience such as the modern Start menu, Search, and Settings panels (Immersive Control Panel) are system wide and cannot be removed (%windir%\SystemApps) and also store per-user settings in the user profile.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Answer
Answer
Hi and thanks for reaching out. My name is William. I'm a Windows technical expert. I'll be happy to help you out today.

We do something similar to this in our workplace. First you need to remove the packages you dont want with powershell. Afterwards, you use GPO to enable the private Windows Store to only allow those packages needed in your environment.

For Windows Private Store, see https://docs.microsoft.com/en-us/microsoft-stor...

This is a sample of the posh script (we do this during task sequence but you can edit to remove checking for task sequence environment and logging and comment in or out the apps you want or dont want): 

#---------------------------------------------------------------------------------------------------------------
# Main Routine
#---------------------------------------------------------------------------------------------------------------

# Get log path. Will log to Task Sequence log folder if the script is running in a Task Sequence
# Otherwise log to \windows\temp

try

{

    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment

    $logPath = $tsenv.Value("LogPath")

}

catch

{

    Write-Host "This script is not running in a task sequence"

    $logPath = $env:windir + "\temp"

}

$logFile = "$logPath\$($myInvocation.MyCommand).log"

# Start logging

Start-Transcript $logFile

Write-Host "Logging to $logFile"

# List of Applications that will be removed

$AppsList = @(
    # default Windows 10 (1703) apps  
    "Microsoft.XboxSpeechToTextOverlay"
    "Microsoft.Wallet"
    "Microsoft.XboxGameOverlay"
    "Microsoft.StorePurchaseApp"
    "Microsoft.OneConnect"
    "Microsoft.Getstarted"
    "Microsoft.People"
    "Microsoft.3DBuilder"
    "Microsoft.WindowsSoundRecorder"
    "Microsoft.WindowsFeedbackHub"
    "Microsoft.WindowsMaps"
    "Microsoft.MicrosoftOfficeHub"
    "Microsoft.MSPaint"
    #"Microsoft.BingWeather"
    "Microsoft.Services.Store.Engagement"
    "Microsoft.Advertising.Xaml"
    "Microsoft.MicrosoftSolitaireCollection"
    "Microsoft.Microsoft3DViewer"
    "Microsoft.XboxApp"
    "Microsoft.ZuneMusic"
    "Microsoft.Office.OneNote"
    "Microsoft.ZuneVideo"
    "Microsoft.windowscommunicationsapps"
    "Microsoft.SkypeApp"
    #"Microsoft.WindowsStore"
    #"Microsoft.Windows.Photos"
    #"Microsoft.WindowsCamera"
    #"Microsoft.DesktopAppInstaller"
    #"Microsoft.WindowsCalculator"
    #"Microsoft.MicrosoftStickyNotes"
    #"Microsoft.WindowsAlarms"
    
    # Threshold 2 apps
    "Microsoft.Messaging"

    # apps which cannot be removed using Remove-AppxPackage
    #"Microsoft.Windows.CloudExperienceHost"
	#"Microsoft.AAD.BrokerPlugin"
    #"Microsoft.Windows.ShellExperienceHost"
    #"Windows.immersivecontrolpanel"
    #"Microsoft.Windows.Cortana"
    #"Microsoft.MicrosoftEdge"
    #"Microsoft.Windows.ContentDeliveryManager"
    #"Microsoft.XboxIdentityProvider"
    #"Microsoft.XboxGameCallableUI"
    #"Windows.ContactSupport"
    #"Microsoft.AccountsControl"
    #"Microsoft.BioEnrollment"
    #"Microsoft.CredDialogHost"
    #"Microsoft.LockApp"
    #"Microsoft.PPIProjection"
    #"Microsoft.Windows.Apprep.ChxApp"
    #"Microsoft.Windows.AssignedAccessLockApp"
    #"CortanaListenUIApp"
    #"Windows.MiracastView"
    #"EnvironmentsApp"
    #"HoloCamera"
    #"HoloItemPlayerApp"
    #"HoloShell"
    #"Microsoft.Windows.HolographicFirstRun"
    #"DesktopLearning"
    #"DesktopView"
    #"Microsoft.Windows.ModalSharePickerHost"
    #"Microsoft.Windows.OOBENetworkCaptivePortal"
    #"Microsoft.Windows.OOBENetworkConnectionFlow"
    #"Microsoft.Windows.ParentalControls"
    #"Windows.PrintDialog"
    #"Microsoft.Windows.WindowPicker"
    #"Microsoft.Windows.SecureAssessmentBrowser"
    #"Microsoft.Windows.SecondaryTileExperience"
    #"Microsoft.Windows.SecHealthUI"

)

ForEach ($App in $AppsList){

    $Packages = Get-AppxPackage | Where-Object {$_.Name -eq $App}

    if ($Packages -ne $null)

    {

          Write-Host "Removing Appx Package: $App"

          foreach ($Package in $Packages)

          {

          Remove-AppxPackage -package $Package.PackageFullName

          }

    }

    else

    {

          Write-Host "Unable to find package: $App"

    }

    $ProvisionedPackage = Get-AppxProvisionedPackage -online | Where-Object {$_.displayName -eq $App}

    if ($ProvisionedPackage -ne $null)

    {

          Write-Host "Removing Appx Provisioned Package: $App"

          remove-AppxProvisionedPackage -online -packagename $ProvisionedPackage.PackageName

    }

    else

    {

          Write-Host "Unable to find provisioned package: $App"

    }

}

# Stop logging

Stop-Transcript

4 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated February 28, 2024 Views 9,346 Applies to: