Windows 10 comes with much unwanted bloatware in the form of "ModernApps". These apps include:
What is very annoying is Microsoft believes these applications are required "by default" even in Windows 10 Enterprise Edition which is targeted at corporations.
If a user removes these applications, they automatically reinstall by default making it more frustrating.
So - you want to build your corporate image but and remove all Windows 10 Bloatware and modern applications which Microsoft deem necessary for all users? Here what we needed to do on our Windows 10 Enterprise anniversary update 1607.
First of all don't join your Windows 10 image to the domain. If you join the Windows 10 Enterprise 1607 image to an Active Directory domain (even if you isolate the computer so it does not receive policy), sysprep fails with the following.
Sysprep was not able to validate your Windows installation.
Other important policies we deployed to the Active Directory Domain Group Policy for Windows 10 machines include:
Hope this information is helpful to anyone wanting to upgrade to Windows 10 as part of a corporate SOE.
- Netflix
- Pandora
- Skype Preview
- Paid WiFi & Mobile
- Xbox
- Get Office
- Microsoft Solitaire Collection
- Groove Music
- Adobe Photoshop Express
- 3D Builder
What is very annoying is Microsoft believes these applications are required "by default" even in Windows 10 Enterprise Edition which is targeted at corporations.
If a user removes these applications, they automatically reinstall by default making it more frustrating.
So - you want to build your corporate image but and remove all Windows 10 Bloatware and modern applications which Microsoft deem necessary for all users? Here what we needed to do on our Windows 10 Enterprise anniversary update 1607.
First of all don't join your Windows 10 image to the domain. If you join the Windows 10 Enterprise 1607 image to an Active Directory domain (even if you isolate the computer so it does not receive policy), sysprep fails with the following.
Sysprep was not able to validate your Windows installation.
In the setupact.log on the server the following error is generated from domain joining. I believe this is a bug and I will be raising it with MS.
2017-02-07 16:45:40, Error SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2017-02-07 16:45:40, Error SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2017-02-07 16:45:40, Error[0x0f0082] SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing 'SysprepGeneralizeValidate' from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2017-02-07 16:45:40, Error SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2017-02-07 16:45:40, Error SYSPRP RunPlatformActions:Failed while validating SysprepSession actions; dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep generalize internal providers; hr = 0x80073cf2
2017-02-07 16:46:54, Info [0x0f0052] SYSPRP Shutting down SysPrep log
2017-02-07 16:46:54, Info [0x0f004d] SYSPRP The time is now 2017-02-07 16:46:54
2017-02-07 16:45:40, Error SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2017-02-07 16:45:40, Error SYSPRP RunPlatformActions:Failed while validating SysprepSession actions; dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep generalize internal providers; hr = 0x80073cf2
2017-02-07 16:46:54, Info [0x0f0052] SYSPRP Shutting down SysPrep log
2017-02-07 16:46:54, Info [0x0f004d] SYSPRP The time is now 2017-02-07 16:46:54
Make all changes to the image in "WORKGROUP" mode to ensure it never touches the Active Directory domain so sysprep will run.
Stop Bloatware from Re-downloading from MS Cloud
Next we want to stop Windows 10 from automatically "redownloading" bloatware apps after we remove them.
Method 1
Add 32-bit DWORD value named DisableWindowsConsumerFeatures
to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent
Note: You will want to create the CloudContent Key.
Method 2
Method 2 involves deploying the regkey via you AD Domain/local policy. During image creation as your machine is workgroup, it wont be able to get this policy from the domain.
Computer Configuration –> Administrative Templates –> Windows Components –> Cloud Content
“Turn off Microsoft consumer experiences”
Note: I recommend deploying Method 1 on the image itself immediately after being built as the image will start downloading bloatware as your configuring your base SOE.
Remove the Default Bloatware
Next you will want to remove all default Windows 10 Bloatware "Modern Apps". To remove this from your image from an elevated PowerShell command prompt run:
Get-ProvisionedAppxPackage -Online | Remove-ProvisionedAppxPackage -Online
If you want to review the list of bloatware before running the above command, run this:
Get-AppXProvisionedPackage -Online | Select PackageName
After you remove the bloatware, make sure you run the following command from the user account you want to sysprep from, or sysprep will fail once again as per https://support.microsoft.com/kb/2769827
Get-AppxPackage | Remove-AppxPackage
Classic Shell
In this image I installed the classic shell App to give all users the standard Windows 7 start menu and remove the modern app interface all together. This was downloaded from:
We only installed Classic Start Menu, not Classic Explorer, Classic IE or any of the other options from this download.
Default Profile
Items such as Edge cannot be removed from Windows 10 just like IE cannot be removed from Windows 7. We created a new Default Profile and removed the Edge icon from the task bar, configured the taskbar classic shell and setup default wallpaper etc.
Other Important Policies We Applied
Disabling the Windows Store:
Computer Configuration, Administrative Templates, Windows Components, and then click Store.
In the Setting pane, click Turn off Store application
Disable OneDrive
Computer Configuration > Administrative Templates > Windows Components > OneDrive
Prevent the usage of OneDrive for file storage
Disable Cortana
Computer Configuration > Administrative Templates > Windows Components > Search
"Allow Cortana" --> Set to disabled.
Default Apps
Configure Windows 10 to use Windows Media Player and Internet Explorer as default apps (or alternative) and export the default App config with:
dism /online /export-defaultappassociations:\\localhost\c$\AppAssoc.xml
Deploy the xml file with Group Policy from a file share:
Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file
Tip for Creating the Image
We wanted to create a driver independent image as we are deploying with SCCM and we need to layer the drivers based on the various client hardware. As a result, we do not want any drivers incorporated in the image.
I built the image on VMWare using E1000 NIC (as its natively supported by Windows 10) and did not install VMware Tools during the build process to keep the image clean.
I also had numerous issues with sysprep failing due to numerous changes (many which I did not document here). As a result, I recommend snapshotting your progress numerous times throughout the SOE build and attempting to run sysprep numerous times during your build process to ensure when you get to the end it will not fail!
No comments:
Post a Comment