CONTEXT: (Feel free to skip my babbling)
If you haven’t figured out by now, I hate managing things that I feel should manage themselves. If I can get out of doing extra work, and have things in place to automatically take care of it, awesome. Even if it’s less efficient on network resources, and I lose some granularity of control, if my environment doesn’t care, then I’m going to let things auto update, and auto remediate as much as possible. (Note, where I work now, I don’t follow my personal philosophy, my environment cares, everything is controls to super granular levels, but we have people to manage it here, at my last place, it was just a couple of us doing everything, so we had to employ methods to do things with out technicians having to get involved.)
IDEA:
Make Windows 10 Build Updates easier. While I love Task Sequences, I don’t want to have to make something complex for a build update that happens every 6 months. I want windows to update, and I want to keep the customizations I put in during OSD.
From MMS Presentation: Download full Presentation HERE
HOW:
Tried and True is Group Policy, however, group policy can take a little while to kick back in, and I don’t want to wait, I want the customizations there before the user logs back in, I don’t want the user to know things changed. I decided to go with good old scheduled tasks and two scripts, (1 batch file & 1 powershell) plus a 3rd script to build the scheduled tasks and copy the files required locally.
Basically, the batch file is a combination of all the system level tweaks crammed into one script, and the powershell file is the “remove default apps” script. Hopefully after 1709, you won’t need to keep removing the AppX packages, I’ve heard they are “fixing” it so that it will honor the appx you’ve removed, and not put them back in, however, they will probably keep adding in new AppX packages that you’ll have to decide if you want to keep or remove, so there is a good chance you’ll have to run a modified version of this script for each build upgrade forever.
Batch File to Create Scheduled Tasks & Copy Required Files to c:\ProgramData:
If Not Exist "c:\programdata\Win10Upgrade\" (md c:\programdata\Win10Upgrade) xcopy Windows10UpgradeTaskFixesScript.cmd c:\programdata\Win10Upgrade\ /Y /S xcopy Windows10Tweaks\* c:\programdata\Win10Upgrade\Windows10Tweaks\* /Y /S schtasks.exe /ru "SYSTEM" /Create /XML Windows10UpgradeScheduleTaskTweaks.xml /TN "Windows 10 In-Place Upgrade Tweaks" /F schtasks.exe /ru "SYSTEM" /Create /XML Windows10UpgradeScheduleTaskRemoveDefaultApps.xml /TN "Windows 10 In-Place Upgrade AppRemoval" /F
Powershell Script To Remove Default Apps (Thanks @Geodesicz):
<#
.SYNOPSIS
Remove AppX Apps from Windows 10 During OSD Task Sequence
.DESCRIPTION
Uses PackageID to Identify Content Type and Other Descriptive Information About Content, Requires - Created by Mark Godfrey @Geodesicz
.PARAMETER Apps
Comma separated values for the Display Names of the AppX Provisioned Packages you want removed. Each value should be in a separate set of quotes.
.EXAMPLE
.\Remove-Win10AppsTS.ps1 -Apps "Microsoft.XboxApp","Microsoft.ZuneVideo","Microsoft.SkypeApp"
.LINK
http://www.tekuits.com
#>
<#
[CmdletBinding()]
Param(
[Parameter(HelpMessage="Apps")]
[ValidateNotNullOrEmpty()]
[String[]]$Apps
)
#>
$Apps = "Microsoft.MicrosoftSolitaireCollection","Microsoft.Office.OneNote","Microsoft.OneConnect","Microsoft.People","Microsoft.SkypeApp","Microsoft.Wallet","Microsoft.WindowsCommunicationsApps","Microsoft.XboxApp","Microsoft.XboxGameOverlay","Microsoft.XboxIdentityProvider","Microsoft.XboxSpeechtoTextOverlay","Microsoft.ZuneVideo"
ForEach($App in $Apps){
Get-AppxProvisionedPackage -Online | Where-Object DisplayName -eq "$app" -Verbose -ErrorAction SilentlyContinue | Remove-AppxProvisionedPackage -Online -Verbose
}
$Capabilities = "App.Support.ContactSupport~~~~0.0.1.0","App.Support.QuickAssist~~~~0.0.1.0"
$Capabilities | ForEach{Remove-WindowsCapability -Online -Name $PSItem}
Batch File to Reapply System Level Tweaks:
REM Tweak - Remove Pictures Folder in This PC
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0ddd015d-b06c-45d5-8c4c-f59713854639}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REM Tweak - Remove Video Folder in This PC
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{35286a68-3c57-41a1-bbb1-0eae73d76c95}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REM Tweak - Remove Music Folder in This PC
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a0c69a99-21c8-4671-8703-7934162fcf1d}\PropertyBag" /V ThisPCPolicy /T REG_SZ /D Hide /F
REM Tweak - Set Explorer to launch "This PC"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /V LaunchTo /T REG_DWORD /D 1 /F
REM Tweak - MyComputer Desktop Icon CL
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /V {20D04FE0-3AEA-1069-A2D8-08002B30309D} /T REG_DWORD /D 0 /F
REM Tweak - Add Run as different user
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer" /V ShowRunasDifferentuserinStart /T REG_DWORD /D 1 /F
REM Tweak - IE hide Edge Tab Button
Reg.exe ADD "HKLM\Software\Microsoft\Internet Explorer\Main" /v HideNewEdgeButton /T REG_DWORD /D "1" /F
REM Tweak - Enable WoWLAN
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NativeWifiP\Parameters" /V EnableWoWLAN /T REG_DWORD /D 1 /F
REM Tweak - Disable MS Consumer Experiences
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /V DisableWindowsConsumerFeatures /T REG_DWORD /D 1 /F
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /V DisableSoftLanding /T REG_DWORD /D 1 /F
REM Set Default Apps & Extensions
Dism.exe /online /Import-DefaultAppAssociations:c:\programdata\Win10Upgrade\Windows10Tweaks\DefaultApps.xml
REM - Replace Default Background Steps
takeown /f C:\Windows\Web\4K\Wallpaper\Windows\*.*
icacls C:\Windows\Web\4K\Wallpaper\Windows\*.* /Grant System:(F)
cmd.exe /c del /q C:\Windows\Web\4K\Wallpaper\Windows\*.*
takeown /f c:\windows\WEB\wallpaper\Windows\img0.jpg
icacls c:\windows\WEB\wallpaper\Windows\img0.jpg /Grant System:(F)
cmd.exe /c del c:\windows\WEB\wallpaper\Windows\img0.jpg
cmd.exe /c copy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_Corp.jpg C:\Windows\Web\Wallpaper\Windows\img0.jpg /Y
cmd.exe /c copy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_LockScreen.jpg C:\Windows\Web\Wallpaper\Theme1\img1.jpg /Y
cmd.exe /c copy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_HR.jpg C:\Windows\Web\Wallpaper\Theme1\img2.jpg /Y
cmd.exe /c copy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_Sales.jpg C:\Windows\Web\Wallpaper\Theme1\img3.jpg /Y
REM - Replace Default LockScreen Steps
takeown /f C:\Windows\Web\Screen\*.*
icacls C:\Windows\Web\Screen\*.* /Grant System:(F)
xcopy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_LockScreen.jpg C:\Windows\Web\Screen\img100.jpg /Y /S /Q
xcopy c:\programdata\Win10Upgrade\Windows10Tweaks\1703\DM_LockScreen.jpg C:\Windows\Web\Screen\img105.jpg /Y /S /Q
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /V LockScreenImage /F
REM - Replace Default User Pictures
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /V UseDefaultTile /T REG_DWORD /D 1 /F
xcopy c:\programdata\Win10Upgrade\Windows10Tweaks\UserPictures\* "%SystemDrive%\ProgramData\Microsoft\User Account Pictures" /Q /Y /I
REM - Set "My PC" to The Computer Name
c:\programdata\Win10Upgrade\Windows10Tweaks\setacl.exe -on "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -ot reg -actn setowner -ownr "n:Administrators"
c:\programdata\Win10Upgrade\Windows10Tweaks\SetACL.exe -on "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -ot reg -actn ace -ace "n:Administrators;p:full"
c:\programdata\Win10Upgrade\Windows10Tweaks\SetACL.exe -on "HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -ot reg -actn ace -ace "n:SYSTEM;p:full"
reg import c:\programdata\Win10Upgrade\Windows10Tweaks\ComputerName.reg /reg:64
Once you have those, you’ll need to create the Scheduled Tasks:
I’ve provided the XML files in the download, and the scripts to import them. (At bottom of post)
First Scheduled Task – Removing Defaults Apps
General: Windows 10 In-Place Upgrade AppRemoval
user account: SYSTEM
Run whether user is logged on or not
Run with highest privileges (Checked)
Configure for: Windows Vista / Server 2008
Trigger: On an Event
Basic: Microsoft-Windows-AppReadiness/Admin
Source: AppReadiness
EventID: 100
Action: Start a Program
Program / Script: powershell.exe
Add arguments: -executionpolicy bypass -file “C:\ProgramData\Win10Upgrade\Windows10Tweaks\RemoveDefaultAppsWin10.ps1”
Second Scheduled Task – Reapplying Tweaks / Branding
General: Windows 10 In-Place Upgrade Tweaks
user account: SYSTEM
Run whether user is logged on or not
Run with highest privileges (Checked)
Configure for: Windows Vista / Server 2008
Trigger: On an Event
Basic: Microsoft-Windows-AppReadiness/Admin
Source: AppReadiness
EventID: 100
Action: Start a Program
Program / Script: C:\ProgramData\Win10Upgrade\Windows10UpgradeTaskFixesScript.cmd
Application Contents: (Root)
Application Contents: (Subdirectory)
1703 folder just contains the Images I used with our 1703 deployment.
Once you’ve run the Setup Script or Application, it will create the Scheduled Tasks, and copy the files needed to run after the build update to:
DOWNLOAD Exported Application: https://garytown.com/Downloads/Win10InPlaceUpgradeTweakTasks_files.zip
This contains the raw files, you don’t actually need to import if you don’t want to.
For the Application Model of Win10 Build Upgrade, I had an application with the content source of the extracted ISO:
Install Program: Setup.exe /auto upgrade /DynamicUpdate Enable /showoobe none (This will download and apply updates, which can take a long time, but recommend you still do this unless you manually update the install.wim file)
Detection Method: Registry: HKLM\SOFTWARE\Micrsoft\Windows NT\CurrentVersion CurrentBuild = 15063 (1703 – Change the Build number to match the Build you’re deploying)
Please customize the tweaks for your environment. 🙂
As always… TEST TEST TEST. As I mentioned in the beginning, I don’t use this method any longer due to different requirements at my new employer, so I’m no longer testing and developing this process.
Please note, the Lock Screen Image can be inconsistent, sounds like MS is aware of a bug, and hopefully future builds will fix this, so if your Lock Screen doesn’t always apply right each time you test… call it good enough and move on to the next thing on your list.
Update 2017.09.07 – Jason Freeman (@loosusjason) pointed out you can do this with SetupConfig.ini – More info HERE
Hey Gary,
Thanks for the write up, and scripts.
Much appreciated. 🙂
That ComputerName.reg tweak doesn’t stay the way I want it. It will assign LocalizedString “%USERNAME% on %COMPUTERNAME%” the first time the registry key is applied, but at next login, LocalizedString becomes “COMPUTERNAME$ on %COMPUTERNAME%”. Moreover, if I specify LocalizedString as a REG_EXPAND_SZ type, it will automatically revert to REG_SZ type at the next login.
I’ve played with this a little, and I also had a little trouble getting it to work. Sorry, just haven’t had much time to dig in deeper.