Translate

Windows 10 - considered corporate image & deployment tips (Updated 04/20)

UPDATED 04/23/2020

I need to remember myself which policies I found they are great for a corporate image.

Here just a few of them. Check this out periodically as it gets extended over time. But there is still plenty room for discussions. So its still worth to hire me ;-)


1. In General a good starting point for managing Windows 10 in the enterprise:
    1. https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices
2. GPO to disable the Enduser consumer experience
    1. Works since: 10586.122 (1511 1st Update)
    2. Path to GPO: Computer Configuration > Administrative Templates > Windows Components > Cloud Content
    3. Turn off Microsoft consumer experience
    4. Removes the 3rd Party tiles like NTV, Twitter, CandyCrush Saga etc.

      Via MDM see this page:
      https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience
3. GPO to disable the app store (also Infos to do it in other ways as well)
    1.  https://technet.microsoft.com/en-us/itpro/windows/manage/stop-employees-from-using-the-windows-store
    2. Keep in mind your built-in apps did not get updated when you turn off the store completely. Therefore consider Windows Store for Business instead and only show the Store for Business in the store UI
      https://docs.microsoft.com/en-us/microsoft-store/manage-access-to-private-store
4. MDM Policy to disable public and enable windows store for business
    1. https://technet.microsoft.com/en-us/itpro/windows/manage/manage-access-to-private-store
5. APPLOCKER Lock-down-to-specific-apps (Kiosk Mode)
    1. https://technet.microsoft.com/en-us/itpro/windows/manage/lock-down-windows-10-to-specific-apps
6. Policies for Start Menu and Taskbar pinned apps
    1. Works since: 14393.0 (1607 RTM)
    2. https://technet.microsoft.com/en-us/itpro/windows/manage/windows-10-start-layout-options-and-policies
7. Some of you want to disable Cortana (NOT RECOMMENDED BY ME!)
    1. To disable Cortana and get the old search icon back, start regedit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search, create a new 32-bit DWORD value here named
      AllowCortana and leave its value data as 0.
    2. Before doing this checkout this here: http://www.ms-labrats.de/2016/06/windows-10-privacy-is-always-reason-for.html
8. Check for changes in the UNATTEND.XML
    1. As each version bring new features also in OOBE and you may want to control them via unattend.xml file it might be good to check this Website https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/
9. Change the default background picture to more corporate like pictures:

http://www.ms-labrats.de/2017/08/corporate-settings-custom-default.html 
10. Disable XBOX settings in settings UI and also others if you want!


    Disable XBOX settings GPO setting:
    VALUE: hide:gaming-trueplay;gaming-xboxnetworking;gaming-gamebar;gaming-gamedvr;gaming-broadcasting;gaming-gamemode
11. Remove QuickAssist from your Image for security reasons

        Remove-WindowsCapability -online -name App.Support.QuickAssist~~~~0.0.1.0 

      
Reference: https://ccmexec.com/2019/02/remove-quick-assist-using-  powershell-script-in-intune/

Also for Deployment checkout my Technical Summit 2015 Session (Sorry German Only)
https://channel9.msdn.com/events/microsoft-techncial-summit/Technical-Summit-2015-The-Next-Level/Windows-10-Neue-Wege-zum-Rollout-und-Update

Image Optimization by additional value:You can also make live heck easier for users to offer them specific control panel items manually with a shortcut. 

Use the "Control.exe /name CANONICALNAME" 
e.g. control.exe /Name Microsoft.CredentialManager

https://msdn.microsoft.com/en-us/library/windows/desktop/ee330741(v=vs.85).aspx

Image Upgrade Best Practice for images with language packsIf you want to make sure that after the upgrade your language packs get applied you find here a good way to do it. Keep in mind this is a good temporary solution. MS is working in the meantime to provider a much simpler way.