Timeline of the ways I’ve removed the Built-in Apps
|Windows 10 1511||Used DISM and PowerShell to directly modify the WIM file|
|Windows 10 1607||Used DISM and PowerShell to directly modify the WIM file|
|Windows 10 1709||Added a step in the OSD Task Sequence to run a PowerShell script utilizing Remove-AppxProvisionedPackage|
|Windows 10 1809||Used PowerShell script within Configuration Items|
In this script I declare an array, Applist, with the DisplayNames of the Built-In apps I want to remove. I run this array through a foreach statement which matches the names from the Get-AppxProvisionedPackage command and removes them. If you notice, I created a Counter variable. I use this variable to see how many apps match the apps I added in the Applist variable. More to come about the Counter further down in this post.
To get the built-in app names you can run the following in an admin PowerShell window
Get-AppxProvisionedPackage -Online | Select-Object DisplayName
Creating the Configuration Item (CI)
- Open the ConfigMgr/SCCM console and select Assets and Compliance
- Expand Compliance Settings and right-click on Configuration Items then select Create Configuration Item (this will launch the Create CI wizard)
- On the General screen specify a Name, Description, and Category. Leave the default checked for the type of CI to Windows Desktops and Servers (custom) and click Next
- On the Supported Platforms screen, select Windows 10. Click Next
- On the Settings Screen click New…
- Enter the name of the setting
- For Setting type select Script from the drop down
- For Data type select Boolean
- Click Add Script
- After clicking Add Script (under Discovery Script section), in the window paste the code from the Script referenced earlier in the post. Click OK
- Click Add Script under the Remediation Script section. Cope the same code from point 6 into this field except uncomment line 30. Line 30 is the uses the Remove-AppXProvisionedPackage PoSH cmdlet to remove the built-in apps. Click OK
- Click Apply and OK
- Click Next
- On the Compliance Rules screen, click New
- Enter an appropriate rule name or leave default (not recommended)
- Next click Browse and then select the Settings we just created (should have current in in the name in parenthesis) and click Select
- Make sure the comply rule settings are set to Equals and True
- Check the box to run the remediation script when the setting is noncompliant
- Click OK
- Complete the rest of the wizard using the defaults.
Deploying the CI
Now that we’ve created the CI we can deploy it using a Configuration Baseline.
- In the console under Assets and Compliance section expand Compliance Settings
- Right click on Configuration Baselines and select Create Configuration Baseline
- In the Create Configuration Baseline Wizard enter the Name
- Click Add and select Configuration Items
- Select the CI which we created earlier in the post.
- Click Add and Click OK
- Right-Click on the Configuration Baseline and deploy it to your test collection
Verifying the settings
On your Windows Client open the ConfigMgr Properties window and select Configurations. You should see the Configuration Baseline listed here. If not, you can either wait for policy to hit your machine or run the Machine Policy Retrieval & Evaluation Cycle action from the Actions Tab.
Once you can see the Configuration Baseline under Configurations…go ahead and select it then click Evaluate. The status should change from unknown to in progress and then to Compliant.