Windows 10 Enterprise Deployment Guide

Windows 10 Enterprise Deployment Guide

For privacy conscious organizations – and removing all the bloat.

 

After extensive testing and iterations, it’s best to keep the Windows 10 iso/wim file exactly how it comes from Microsoft, then do everything online.
When you remove apps from the base wim, updates & the store start breaking. Causing mega headaches.
So when you need to move to a future version of Windows 10, you’ll likely need to re-run a task sequence to complete the process so remove the apps again from the new version.

Group Policy Changes

User Configuration

Policies / Administrative Templates / Start Menu and Task Bar
Remove the People Bar from the taskbar
Turn off feature advertisement balloon notifications

Preferences / Windows Settings  / Registry 
Default File Explorer to open ‘This PC’ instead of
Key: HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value: LaunchTo
DWORD: 1

Hide Notifications when Duplicating Screen
Key: HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings
Value: NOC_GLOBAL_SETTING_SUPRESS_TOASTS_WHILE_DUPLICATING
DWORD: 1

Turn off Windows 10 Welcome Experience
HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
Value: SubscribedContent-310093Enabled
DWORD: 0

Turn Off Windows 10 Game Bar
Key: HKCU:SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR
Value: AppCaptureEnabled
DWORD: 0

Windows 10 Privacy Settings
Send Microsoft info about how ..
Key: HKCU:SOFTWARE\Microsoft\Input\TIPC
Value: Enabled
DWWORD: 0

Let website provide…
HKCU: Control Panel\International\User Profile
Key: HttpAcceptLanguageOptOut
DWORD: 1

Turn Off Recently Added Apps in Windows 10 Start Menu
Key: HKCU: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value: Start_TrackProgs
DWORD: 0

Turn Off Start Menu App Suggestions
HKCU: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
Value: SystemPaneSuggestionsEnabled
DWORD: 0

Turn Off Microsoft Edge Flash Player
Key: HKCU: Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons
Value: FlashPlayerEnabled
DWORD: 0

Turn Off One Note Connect to Cloud Sign In
Key: HKCU: Software\Microsoft\Office\16.0\OneNote
Value: FirstBootStatus
DWORD: 01000101 (Hexadecimal)

Key: HKCU:Software\Microsoft\Office\16.0\OneNote\Options
Value: BootClippingPanelWithOneNote
DWORD: 0

Turn Off Skype Welcome Screen
Key: HKCU:Sofware\Microsoft\Office\16.0\Lync
Value: IsBasicTutorialSeenByUser
DWORD: 1

Computer Configuration

Policies / Administrative Templates

System / Internet Communication Management / Internet Communication settings
– Turn off Windows Customer Experience Improvement Program -> Enabled

System / Logon
– Do not display the Getting Started welcome screen at logon -> Enabled
– Show first sign-in animation -> Disabled
– Turn off app notifications on the lock screen -> Enabled
– Turn off picture password sign-in > Enabled
– Turn on convenience PIN sign-in -> Disabled

System / User Profiles
– Turn off the advertising ID -> Enabled

Windows Components / App Privacy
– Let Windows apps access diagnostic information about other apps -> Enabled -> Force Deny

Windows Components / Application Compatibility
– Turn off Application Telemetry -> Enabled
– Turn off Inventory Collector -> Enabled

Windows Components / Cloud Content
– Do not show Windows tips -> Enabled
– Turn off Microsoft consumer experiences -> Enabled

Windows Components / Data Collection and Preview Builds
– Allow Telemetry -> Enabled -> 0  – Security [Enterprise Only]
– Do not show feedback notifications

Windows Components / Internet Explorer
– Automatically activate newly installed add-ons

Windows Components / Internet Explorer / Security Features / Addon-on Management
– Add-on List
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> 2
– Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects -> Enabled
Windows Components / Microsoft Account
– Block all consumer Microsoft account user authentication -> Enabled

Windows Components / Search
– Allow Cloud Search -> Disabled
– Allow Cortana above lock screen -> Disabled
– Don’t search the web or display web results in Search -> Enabled

Windows Components / Windows Defender Antivirus / MAPS
– Send file samples when further analysis is required -> Never send

Windows Components / Windows Game Recording and Broadcasting
– Enables or disables Windows Game Recording and Broadcasting -> Disabled

Windows Components / Windows Hello for Business
– Use Windows Hello for Business -> Disabled

 

Preferences / Windows Settings / Registry

Remove OneDrive from Explorer Folder Tree
Key: HKLM:Software\Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}
Value: System.IsPinnedToNameSpaceTree
DWORD: 1

Disable Edge Desktop Shortcut Creation
Key: HKLM:Software\Microsoft\Windows\CurrentVersion\Explorer
Value: DisableEdgeDesktopShortcutCreation
DWORD: 1

 

SCCM Task Sequence Additionals

Install DotNet3.5
https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/Install-DotNet35.ps1

http://www.systematicuprising.com/wp-content/uploads/microsoft-windows-netfx3-ondemand-package.cab

Import Start Menu
https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/Import-StartLayout.ps1

Example Layout: https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/StartLayout.xml

Remove XPS Printer
https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/Remove-XPSPrinter.ps1

Remove Windows 10 Apps
https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/Remove-Win10Apps.ps1

Import Default App Associations
https://github.com/Nostalgiac/Scripts/blob/master/SCCM%20and%20MDT/Import-DefaultAppAssociations.ps1

 

Total Views: (490)

Leave a Reply

Your email address will not be published. Required fields are marked *

Connect with Facebook

CAPTCHA

*