none
Windows 10 Enterprise and GPO = No good!

    Question

  • Hi,


    One of our customer wants to move to W10E on his VDI environment.

    I went there to test the GPOs (added the new ones to the central store etc) but there things that are seriously annoying!


    •         Recycle Bin : Quota on local HD Recycle Bin not working. Still the 10% default
    •         De-activate Work and school account in Windows 10 Settings. Working for the Microsoft Account. But still, you can add a work or school account.
    •         Edge configuration (home page + favs). I think there is no GPO.. Yet!
    •         De-activate/hide/uninstall mail, callendar, xbox, etc… ◦   You can uninstall the link to the package but it is local to the user not to the machine by doing Get-AppxPackage appname | Remove-AppxPackage

    •         Removing a roaming profile (c:\users\%username%) on the local machine will result in a corrupt start menu at next logon. Even if the profile stored on a file server is correct.◦   UPDATE: You can change the exclude list in the registries [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin;SkyDrive;Work Folders". But doing this via User\GPP will result in a black screen at next logon.

    Questions now: Customizing a profile and copying it to the default, will it works?

    Thanks


    Olivier


    Thursday, December 10, 2015 5:12 PM

Answers

  • > •         Removing a roaming profile (c:\users\%username%) on the local
    > machine will result in a corrupt start menu at next logon. Even if the
     
    This doesn't work anymore because it leaves a "corrupt" profile in the
    registry. You MUST do additional cleanup:
     
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList and
    ProfileGuid: Remove both entries belonging to the user in question.
     
    And in HKLM, under the following keys, delete all subkeys belonging to
    the user in question:
     
    "Software\Microsoft\Windows\CurrentVersion\AccountPicture\Users"
    "Software\Microsoft\Windows\CurrentVersion\SystemProtectedUserData"
    "Software\Microsoft\Windows\CurrentVersion\AppReadiness"
    "Software\Microsoft\Windows\CurrentVersion\AppxAllUserStore"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy\State"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy\Status"
     
    > Questions now: Customizing a profile and copying it to the default, will
    > it works?
     
    AFAIK no.
     
    Thursday, December 10, 2015 5:19 PM

All replies

  • > •         Removing a roaming profile (c:\users\%username%) on the local
    > machine will result in a corrupt start menu at next logon. Even if the
     
    This doesn't work anymore because it leaves a "corrupt" profile in the
    registry. You MUST do additional cleanup:
     
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList and
    ProfileGuid: Remove both entries belonging to the user in question.
     
    And in HKLM, under the following keys, delete all subkeys belonging to
    the user in question:
     
    "Software\Microsoft\Windows\CurrentVersion\AccountPicture\Users"
    "Software\Microsoft\Windows\CurrentVersion\SystemProtectedUserData"
    "Software\Microsoft\Windows\CurrentVersion\AppReadiness"
    "Software\Microsoft\Windows\CurrentVersion\AppxAllUserStore"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy\State"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy"
    "Software\Microsoft\Windows\CurrentVersion\Group Policy\Status"
     
    > Questions now: Customizing a profile and copying it to the default, will
    > it works?
     
    AFAIK no.
     
    Thursday, December 10, 2015 5:19 PM
  • Hi,
     
    Am 10.12.2015 um 18:12 schrieb OlivierCesar01:
    > •         Edge configuration (home page + favs). I think there is no
    > GPO.. Yet!
     
    There will never be.
     
    > "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin;SkyDrive;Work
    > Folders".
     
    "Local" + LocalLow are already excluded, that´s why they are called
    Local and not Roaming.
     
    > Questions now: Customizing a profile and copying it to the default, will
    > it works?
     
    Question back: What happens if you just give it a try? Your answer is
    just 5 minutes away ...
     
    Mark
    --
    Mark Heitbrink - MVP Windows Server - Group Policy
     
    GPO Tool: http://www.reg2xml.com - Registry Export File Converter
     
    Thursday, December 10, 2015 10:52 PM
  • Hi all,

    Sorry for the late answer.

    I created a GPO for the Apps.. Did forgot that for it was existing :-)

    As the customer got W10 Ent, it works perfectly.

    For the roaming profile, this is on VMware View.

    But now, I am busy with another installation on Windows 2012 R2 with W10 Ent in VDI.

    Everything is working fine but I have a small problem:

    • The start menu doesn't show up!
    • Cannot see notification
    • Cannot raise or lower the volume

    In fact, all related task bar things are not working.

    But the rest is ok.

    Any idea?

    Olivier

    Wednesday, December 16, 2015 8:57 AM
  • Hi Olivier,


    Some system file might be missing or corrupted during the installation, please try to run the command below and reboot computer when it finishes:

    SFC /scannow

    If issue persists after running the SFC command, then you could try to run the powershell command below and see if it helps:

    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}


    In addition, since the issue is related to Windows 10, for better support experience, I’d suggest you post in the dedicated Windows 10 forum below:

    https://social.technet.microsoft.com/Forums/en-US/home

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 17, 2015 9:20 AM
    Moderator