Cyber Security

Windows 10: Deny Windows Store Access and Disable all Apps from Microsoft Store with Group Policies

With the release of Windows 10, Microsofts Client-Operating System has become more and more an app-focused operating system. Windows 10 S underlines that. In Windows 10 S, users can only install apps from the Windows Store. Windows 10 will not only be used privately, but also in company networks. In enterprise networks users sometimes use the Windows Store to install apps and games. If you want to prohibit that, than you’ve come to the right place. This article will guide you step-by-step through the process of disabling Windows Store Access and disabling all apps from the store in an Active Directory domain. Let’s jump in.

The Objective

What do we want to achieve? We want users not to be able to open the Windows Store, and when they try to open the Store, they should get this security message:

Unbenannt.png

Microsoft Store is blocked. Check with your IT or system administrator.

Cool thing, hu?

Prerequisites

In order to make this happen your clients must run Windows 10 Enterprise. If that’s not the case, your journey ends here. So make sure you are applying your Group Policy to Windows 10 Enterprise clients.

Unbenannt.png

Creating the Group Policy

Turn off the Store application

Log in to your domain controller and open gpmc.msc. Create a new group policy, open it and navigate to

Computer Configuration – Administrative Templates – Windows Components  – Store

Locate the “Turn off the Store application” policy, hit the radio button and select Enabled.

Unbenannt.png

Disable all apps from Microsoft Store (Optional)

(Optional) Next, select the “Disable all apps from Microsoft Store” policy and enable it. This will prevent running all apps that were downloaded or pre-installed from the Windows Store, for example the Microsoft News app. This setting does not apply to built-in apps like the Edge Browser.

Unbenannt.png

Close the policy and link it to an organizational unit (OU) of your choosing. Keep in mind that we’ve now configured a GPO for computer objects, therefore your OU must contain computer accounts and those computer accounts must run Windows 10 Enterprise.

Unbenannt.png

You can already hear the phone ringing? The users are complaining? You wanted it that way! 😉

More about Windows Store and Group Policies here: https://docs.microsoft.com/en-us/windows/configuration/stop-employees-from-using-microsoft-store

See also

Windows 10: Changing the default Projector Settings with displayswitch.exe (Duplicate, Extend …)

Group Policies: Enabling WinRM for Windows Client Operating Systems (Windows 10, Windows 8, Windows 7)

Configuring Group Policies using Windows PowerShell

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.