Comments (4)
I'm gonna use this issue to cover possible scenarios how the script can be used in multi-user environments and installation images, so I can be mean to other people having the same question afterwards. Note that this list is not exhaustive, just several ways off the top of my head. Also note that they weren't tested.
First of all, trust the FAQ. If there would be any noncomplicated way how to achieve application of the tweaks system-wide for all accounts, it's already in the script. That being said, you are still left with several complicated ways how to at least partially achieve it. It all depends on your environment and user setup. And of course your understanding of Windows ecosystem.
Option 1. Create custom presets for admin and user part. In the admin part, set the stuff which is common for the whole machine - HKLM registry keys, services, Windows features etc. - in the user part, set UI tweaks and other stuff in HKCU which doesn't require elevation via RequireAdmin
. Admin part then can be run only once right after the installation (and possibly again after some major updates), user part can be run either on every login or just once after the user logs in for the first time.
Option 2. Bypass UAC. You can do that either via Task Scheduler (recommended) or using some other shady technique as described eg. here. You don't have to feel bad. According to Microsoft, UAC is not a security boundary and some applications (eg. CCleaner) are already using such technique for a long time.
Option 3. Target user's registry hives directly. This requires overhauling the HKCU parts in the script. The idea basically is, that instead of HKCU:\Some\Registry\Key\
you'll access HKU:\S-1-5-21-<UUID>\Some\Registry\Key\
. Ideally, that user has to log in at least once before using this method to populate their hive properly.
Option 4. Use group policies. I imagine that this might be a stupid advice, but don't use the script at all. :) Pretty much every registry path in the script containing Policies
is just ripped off of a GPO. There might not be a policy for everything, but for most of the tweaks, there is (including some tweaks where I don't use policies in my script). However this requires much deeper knowledge of Windows then ordinary power user has, so this might be more suitable for domain admins.
List of the places where you can put your script to run automatically:
- Registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- Registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
- Registry key
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Registry key
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- Folder
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup
- Folder
%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp
- Group policy Configuration -> Windows Settings -> Scripts (Logon/Logoff)
- Task Scheduler - At startup / At log on event-based triggers. Required for option 2.
- Active Setup
- WinPE winpeshl.ini - This would be the way how to run the script directly as part of an installation image, although I suggest wrapping the script to a
*.bat
file.
As for the default accounts in OPs question - The closest method how to achieve it would suggest option 3, but unfortunately there is no way how the tweaks can be implicitly applied to accounts which are yet to be created, as lot of values are populated during the first logon.
from win10-initial-setup-script.
trust the FAQ. If there would be any noncomplicated way how to achieve application of the tweaks system-wide for all accounts, it's already in the script.
Not exactly ;)
Remove-AppxPackage -AllUsers
https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps
from win10-initial-setup-script.
Not exactly ;)
Remove-AppxPackage -AllUsers
True, however that's just for apps, not for other registry tweaks. The AppX packages are not removed for all users so it's possible to install them back easily. The hard way is too hard for most users. And yeah, I'm aware that the apps can be reinstalled from Windows Store, but if you remove also Windows Store for all users, you're out of options.
from win10-initial-setup-script.
Running this in an OSD Task Sequence (SYSTEM), my hope is to disable certain features for all future users, without having to wait for a user-based software deployment to kick in, or (worse) implementing this as a login script for all users. As it stands, tons of these throw errors referencing a non-existent HKCU.
I understand the requirement to break out a user part, but it would be nice if most of the user-facing changes were adapted to run as admin (or at least apply to the default user profile, if possible).
from win10-initial-setup-script.
Related Issues (20)
- What are "ModernUI applications" - or how do I recognize them? HOT 5
- Transparency not being disabled on 2004 HOT 2
- Request: Disable/Enable Print Spooler Serivce. HOT 1
- Windows Defender Attack Surface Reduction Rules (ASR) HOT 1
- Wi-Fi Sense is no longer available HOT 2
- Disassembler intermintently stops when running through selected items in .preset file
- Disable Domain Firewall HOT 1
- How to find "Quick acces" and classical incon on taskbar HOT 1
- EnableActionCenter not work after DisableActionCenter HOT 3
- Open command window here
- PowerShell and ampersand issues HOT 1
- Add command option to read current settings and output as preset file
- Add short description column to the preset file
- NumLock
- Add Disable Caps Lock HOT 1
- DisableF1HelpKey completely disables F1 and F2 keys HOT 1
- How to undo these changes? HOT 3
- Consider putting all MsftBloat in separate script file HOT 1
- Administrative shares not working
- Remove photos viewer from msft bloat
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from win10-initial-setup-script.