Disable windows 10 non enterprise store tab’s

With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps.

For a Windows 10 project that I am currently  working on we wanted to disable the non enterprise store tabs in the windows Store app and only use the Windows store for business!

Current situation, logged in with an business user account:

currentStore

According to Microsoft, The only way to disable the non enterprise store tabs right now is a mobile CSP. Supposedly, a GPO for this is forthcoming, but not available yet. If you disable the store with the GPO, the private store goes with it!

Well this is not completely true because I managed to find the right registry key to accomplish this. see below for the result:

resultStore

To fix this the only thing you need to change is one registry setting, assuming you already configured Azure AD and Business store of course!

Using Registry Editor
Run regedit and hit Enter to open the Registry Editor. Navigate to the following registry key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftPolicyManagerdefaultApplicationManagementRequirePrivateStoreOnly

Change the DWORD VALUE in the RequirePrivateStoreOnly key  from 0 to 1.

Restart you windows Store app and you should now only see the business store! If you arent’t logged in with an business account then you only see a grey window!

I hope this was informative for you!

This setting is tested on a Windows 10 enterprise (Build 10586.164).

Kind regards,

Pouyan

Prompt for Credentials When Accessing FQDN Sites From a Windows 8.1 and higher

Consider the following scenario.
On a computer that is running Windows Vista or higher, you do not configure a proxy in Windows Internet Explorer.
You use Web Distributed Authoring and Versioning (WebDav) to access a fully qualified domain names (FQDN) site.
In this scenario, you are prompted to enter your credentials, even though the user account that you are using has sufficient permission to access this site.

For example, when you open a Microsoft Office file from a Microsoft Office SharePoint site by using 2007 Microsoft Office on a Windows Vista-based client computer that has no proxy configured, you are prompted for authentication.

You may also see the following error when working with moved folders via explorer view:

“Your client does not support opening this list with Windows Explorer.”

Continue reading Prompt for Credentials When Accessing FQDN Sites From a Windows 8.1 and higher

Disable/Hide Control Panel

This setting allows you to restrict user access to the Control Panel options and settings.

Create a new text file and rename it to “NoControlPanel.reg”, then copy the key below and past it in the reg file. save the file and right click and select “Merge”
[shell]
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
“NoControlPanel”=dword:00000001
[/shell]

More information about this REG Key:
[shell]
User Key: [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
System Key: [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
Value Name: NoControlPanel
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)
[/shell]

Disable initial configuration tasks and server manager pop up when an admin logs

To disable automatic launching via regkey, you can set these values.

For Server Manager, you need to set:

[shell]

HKEY_CUURENT_USERSoftwareMicrosoftServerManagerDoNotOpenServerManagerAtLogon (REG_DWORD) to 1

[/shell]

For Initial Configuration Tasks, you need to set:

[shell]

HKEY_LOCAL_MACHINESoftwareMicrosoftServerManagerOobe
DoNotOpenInitialConfigurationTasksAtLogon (REG_DWORD) to 1

[/shell]

Disable Java Update

Disable Java Updater trough registry tweak:

This one is for a x64 OS:

Windows Registry Editor Version 5.00
Ms Windows 2008 R2

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeJavaSoftJava UpdatePolicy]
"EnableJavaUpdate"=dword:00000000

This one is for the x86 OS:

Windows Registry Editor Version 5.00
Ms windows 2003

[HKEY_LOCAL_MACHINESOFTWAREJavaSoftJava UpdatePolicy]
"EnableJavaUpdate"=dword:00000000

Bye,

Script to disable Internet Explorer (IE) Enhanced Security Configuration

In this post, i will show you how to disable Internet Explorer (IE) Enhanced Security Configuration trough a script.

You have to create/modify these keys below to achieve this:

REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f

Put that into a batch file and run it and you should be good.

First key is to turn off this future for Administrators, the second one is to turn off this future for Continue reading Script to disable Internet Explorer (IE) Enhanced Security Configuration