Windows 11 22H2 production setup!

-

Windows 11 22H2 production setup!

I recently started to deploy windows 11 and to my chagrin found many applications that didn't align to the business needs such as recommended apps, tiktok, instagram etc, as well as other apps like Microsoft Teams, and Onedrive.  So this is a short blog and shout out to the resources I found to help tame this beast Microsoft released.

  • Customize the start menu for the default profile to remove suggested apps for all users
  • Uninstall bloatware for all users

Customized Start Menu

  1. Log in as an admin account and customize the start menu they way you would like.
  2. Windows 11 stores the customized configuration under the users profile folder: c:\users\%user%\appdata\local\packages\Microsoft.Windows.StartMenuExperienceHost_%randomized%\localstate\start2.bin
  3. Copy this start2.bin file to somewhere on the network.  Like the sysvol domain controller.
  4. I wrote the script below to account for the randomization as the folder path is unique per windows install, but consistent across users.
  5. With this in place, all NEWLY logged in users will get the customized menu, in my case I unpinned all but business only applications.

#Identify Path of the Default Profile StartMenueExperince Folder

$users = get-childitem "c:\users" | Select-Object -ExpandProperty name

foreach ($user in $users){
    
    $path = "c:\users\" + $user + "\appdata\local\packages"

    if((get-item $path -ErrorAction SilentlyContinue) -ne $null){
    $startmenupath = get-childitem $path | where {$_.name -like "*StartMenuExperienceHost*"} | Select-Object -ExpandProperty name
    }
}

$robopath = "c:\users\default\AppData\Local\Packages\" + $startmenupath + "\LocalState"
$robopath >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Copy Custom Start Menu to Default Profile
& robocopy "c:\windows\temp\hhcu-it\" $robopath "start2.bin"



Uninstall Bloatware


  1. I tried a couple of things to remove software but the following script is what ended up working for me using the remove-appxpackage -allusers command

#Remove Teams
if ((get-item "c:\windows\temp\teams.txt" -ErrorAction SilentlyContinue) -eq $null){
    write-output "Uninstalled Teams" > c:\windows\temp\hhcu-it\Teams.txt
    Get-AppxPackage -allusers | where {$_.name -like "*Teams*"} | Remove-AppxPackage -allusers
}else{write-output "Teams Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Xbox
if ((get-item "c:\windows\temp\xbox.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled Xbox" > c:\windows\temp\hhcu-it\xbox.txt
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.XboxGamingOverlay*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.XboxApp*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.Xbox.TCUI*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.XboxSpeechToTextOverlay*"} | Remove-AppxPackage -allusers
}else{write-output "Xbox Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Phone
if ((get-item "c:\windows\temp\yourphone.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled YourPhone" > c:\windows\temp\hhcu-it\yourphone.txt
    Get-AppxPackage -allusers | where {$_.name -like "*phone*"} | Remove-AppxPackage -allusers
}else{write-output "Phone Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Clipchamp
if ((get-item "c:\windows\temp\clipchamp.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled clipchamp" > c:\windows\temp\hhcu-it\clipchamp.txt
    Get-AppxPackage -allusers | where {$_.name -like "*clipchamp*"} | Remove-AppxPackage -allusers
}else{write-output "ClipChamp Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Onedrive
if ((get-item "c:\windows\temp\onedrive.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled onedrive" > c:\windows\temp\hhcu-it\onedrive.txt
    Get-AppxPackage -allusers | where {$_.name -like "*Onedrive*"} | Remove-AppxPackage -allusers
}else{write-output "Onedrive Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove MSN Weather
if ((get-item "c:\windows\temp\msn.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled msn" > c:\windows\temp\hhcu-it\msn.txt
    Get-AppxPackage -allusers | where {$_.name -like "*MSN*"} | Remove-AppxPackage -allusers
}else{write-output "MSN Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Feedback Hub
if ((get-item "c:\windows\temp\feedback.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled feedback" > c:\windows\temp\hhcu-it\feedback.txt
    Get-AppxPackage -allusers | where {$_.name -like "*Feedback*"} | Remove-AppxPackage -allusers
}else{write-output "FeedbackHub Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Microsoft Store
if ((get-item "c:\windows\temp\Store.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled feedback" > c:\windows\temp\hhcu-it\Store.txt
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.StorePurchaseApp*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.WindowsStore*"} | Remove-AppxPackage -allusers
}else{write-output "MS Store Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log

#Remove Mail and Other Apps
if ((get-item "c:\windows\temp\mail.txt" -ErrorAction SilentlyContinue) -eq $null ){
    write-output "Uninstalled mail" > c:\windows\temp\hhcu-it\mail.txt
    Get-AppxPackage -allusers | where {$_.name -like "*microsoft.windowscommunicationsapps*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.SkypeApp*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.GamingApp*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.MixedReality.Portal*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.BingNews*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*Microsoft.XboxIdentityProvider*"} | Remove-AppxPackage -allusers
    Get-AppxPackage -allusers | where {$_.name -like "*SpotifyAB.SpotifyMusic*"} | Remove-AppxPackage -allusers
}else{write-output "Mail and other apps Already Removed"} >> c:\windows\temp\hhcu-it\Win11-Setup.log




Findings

  • Removed non-business applications like XBOX...
  • All users that log in after this process don't see promotional apps
  • Applied a group policy to automate the script process through task scheduler
  • Widgets Disabled appear to be disabled probably due to bingnews being removed
  • Store is gone so users can't add things back, also disabled the store via GPO "just in case"

Shout outs


https://www.smartdeploy.com/blog/customize-default-profiles/




Location: Bedford, IN 47421, USA

Comments

Post a Comment

Popular posts from this blog

Integrate Choco with SCCM

-
Image
Integrating Choco with SCCM Choco is well known and recently I've written on how to integrate choco with puppet as the control mechanism.  Today, I've explored how to do this with SCCM configuration manager.  This article assumes you have a working SCCM environment.  My lab environment was set up using Oracle's personal use virtual box and evaluation software provided by Microsoft's eval center and a Fedora host system.  (Let me know if you would like to know more about my setup) The reason I'm writing about this is to keep 3rd party software up to date leveraging choco packages as well as develop a standard deployment model for all software. High level steps: Create choco installer application in sccm. Create notepad++ installer and uninstaller applications in sccm. Upgrade notepad++ with supersedence Deploy non standard package (Comming soon) So to dig in, first we need to install choco on our SCCM clients.  In this test, I'm using SCCM appl
Read more

Automate Server Patching with Puppet (Part 2)

-
Image
In the first blog post I made about this, I showed how to patch windows 3rd party software like, notpad++, windirstat and other software utilizing puppet and chocoloatey on windows.  However, the next part of the solution was to deploy windows patches as the name suggests.  This part of the equation was a bit more challenging, but well worth the effort. For help setting up puppet and chocolatey refer to the previous blog post .  When patching windows security patches, most of them are not on the chocolatey website ready to go, so I choose to build my own repository of patches using a internal NuGet server.  Getting NuGet up and running requires Visual Studio.  In my case I utilized the community edtion (Free).  During the install you have to pick which components you want to install.  See below: Once you get visual studio prepare, your ready to head over to the microsoft project site and build the package on your own IIS instance.  I wont go into much detail here, I didn'
Read more