none
Windows 10 Search

    Question

  • Hi

    I am trying to setup Windows 10 Education for my domain and am having issues with the search bar. I have locked down the All Apps section and use a redirected desktop to a UNC share for the application shortcuts. However, I want the users to be able to use the basic search. I have turned off cortana and web search via GPO and I have set the "Remove Run Menu from Start Menu" GPO to enabled. Which does prevent UNC share access in an open Window and C:\ access but if you place c:\ or a UNC share path into the Windows 10 search on the task bar you still have access.

    At present I have local M
    y documents folder because they use large applications like Photoshop CC and it works better when running from the local My documents and then copying to a networked home folder when they are finished. I have also tried denying access to the c:\ under the GPO for User Config > Admin Temp > Windows Components > File Explorer > "Prevent access to drives from My Computer" but whilst this stops all access to c:\ it then means you cant use local My documents and sadly UNC paths are still able to be browsed to through the search.

    Has anyone come across this issue so far. I have tried looking at blogs and Google searches but the only stuff out there points to the GPO's I have already mentioned which don't stop UNC from search.

    Surely Microsoft hasn't released a product with search facillity that cant lock UNC access for standard users. The only way i can stop this at present is to remove the search option from the task bar. 
    Which is rubbish


     I also cant find a way to redirect the All Apps menu through a GPO. If I could do this I would turn off search. So it seems that the only setting I can push out is a redirected Desktop and whilst this is good it means you have to know where all the shorcuts live in each folder on the desktop in order to open an application.


    Any help would be greatly appreciated


    kind regards

    Simon

    Monday, June 20, 2016 9:28 AM

All replies

  • Hi Simon,

    Thanks for your post.

    I have test for this.

    The group policy Remove Run Menu from Start Menu works on Windows 7, but it not works on Windows 10. And the related registry of the setting Remove Run Menu from Start Menu NoRun has been created and it has been set to 1 on Windows 10, the result is negative.

    The registry of NoRun

    User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
    Explorer]
    System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
    Explorer]
    Value Name: NoRun
    Data Type: REG_DWORD (DWORD Value)
    Value Data: (0 = disabled, 1 = enabled)

    I am still working for why the setting not work on Windows 10.

    In addition, I found a method to achieve your goal, it is that block port 455 and 139 by firewall. But I think if you block the two ports may cause some other problem.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 23, 2016 6:40 AM
    Moderator
  • Hi Jay

    Thanks for your reply. I looked into the setting the values in the registry as well but, as you say it produces a negative result. You can still search c:\ and UNC shares. I do not want to add firewall rules to stop this as this will prevent all access. I don't know how this will affect shortcuts pushed out to the desktop that point to a UNC share.

    Do you know whether there will be any movement from MS regarding this. I simply cannot use Windows 10 Education in a school environment without the ability to prevent UNC browsing and searching the c:\ through the taskbar search.

    Do you know who would I be able tot speak to at MS regarding this matter?

    Simon

    Thursday, June 23, 2016 9:01 AM
  • Hi Simon,

    Have you installed the update MS16-072 for Windows 10?

    If yes, I suggest you try those actions below:

    1. Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
    2. If you are using security filtering, add the Domain Computers group with read permission.

    For detailed information, you could refer to the article below.

    MS16-072: Security update for Group Policy: June 14, 2016

    https://support.microsoft.com/en-us/kb/3163622

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 27, 2016 5:59 AM
    Moderator
  • Hi Jay

    Thanks for pointing this out. I have already done this and run the powershell script that shows you which GPO's needed attention. I did have a few weird things happen after patch Tuesday and came across this on the Wednesday.

    If you get any updates on eth windows 10 search please let me know

    Simon

    Monday, June 27, 2016 11:30 AM