Windows 10 1607: Keeping apps from coming back when deploying the feature update

For those of you that have deployed Windows 10 1511, you're probably already starting to work with Windows 10 1607, getting ready for initial pilot deployments so that you’re ready for broad deploying of Windows 10 1607 in the coming months.  As part of that work, you would notice that apps you had removed from Windows 10 1511, e.g. Xbox and Sports, come back as part of the feature update installation process (regardless of how you install it – WU, WSUS, ConfigMgr, MDT, media, etc. all behave the same).

We’re working on solving this particular issue in a future feature update.  But for now, there are some workarounds that you can use.  First, let’s look at the two main scenarios for feature updates:

  • Those that leverage VL media, e.g. ISOs downloaded from VLSC.  These are the simplest, as you can modify the INSTALL.WIM file to remove the apps you don’t want, then use the modified image to do the upgrades.  This works well with ConfigMgr task sequences, MDT task sequences, and other installations where you run SETUP.EXE with command-line switches.
  • Those that leverage update packages published via WU or WSUS.  These are harder, because you can’t modify the ESD files that are being used.  So as an alternative, you need to remove the apps (again) after the new OS is installed, but ideally before the first user logs into the device.  This works well with Windows Update for Business, WSUS, and ConfigMgr current branch Windows 10 Servicing deployments.

Let’s look at both of those in a little more detail.

 

Modifying the INSTALL.WIM

To make the needed modifications to the INSTALL.WIM, first you need to extract the contents of the .ISO file that you downloaded from VLSC and make sure that the files aren’t marked read-only (since you need to make changes to them).  That can be done by mounting the .ISO in Explorer (assuming you’re running Windows 10 already, since it supports that).  Then from an elevated PowerShell session, you can run the following commands (substituting your own paths):

Mount-WindowsImage -Path C:\Mount -ImagePath c:\media\sources\install.wim -Index 1
Remove-AppxProvisionedPackage -Path C:\Mount -PackageName Microsoft.XboxApp_2016.728.453.0_neutral_~_8wekyb3d8bbwe
Dismount-WindowsImage -Path C:\Mount -Save

In this example, C:\Mount is an empty folder where the WIM will be mounted.  Since I’m using a Windows 10 Enterprise 1607 WIM, there is only one image index, so I can specify index 1.  And I’m removing the Xbox app.  I can repeat the Remove-AppxProvisionedPackage command as many times as needed.  Use “Get-AppxProvisionedPackage -Path C:\Mount” to get a list of apps.  Or if you want to use something a little more dynamic, see the example script in the Removing Windows 10 in-box apps during a task sequence blog post.

 

Cleaning up apps after installing the feature update

So what options are available for after-the-fact cleanup of the apps, given that the goal is to remove the provisioned apps before a user first logs in (which would result in the apps installing for that user)?  There are probably a few, but there are two that stand out:

  • Create a scheduled task that runs a PowerShell script that removes the unwanted apps at startup.  The simplest option is to try to remove the extra apps each time the computer restarts.  If the apps aren’t there, the script doesn’t need to do anything.
  • Create a batch file that is run right after the upgrade successfully completes.  For that to work, you have to create a SetupConfig.ini file that specifies:

[SetupConfig]
PostOOBE=C:\Cleanup.cmd

In either case, it would be good to run a PowerShell script that issues a command like:

Remove-AppxProvisionedPackage -Online -PackageName Microsoft.XboxApp_2016.728.453.0_neutral_~_8wekyb3d8bbwe

repeating that for each app that you want to remove.  (And again, see Removing Windows 10 in-box apps during a task sequence for more sophisticated scripts.)

 

Summary

Those are the high-level steps needed to remove the apps.  If you need more details, let me know and I can provide more complete examples.

Also remember that some apps aren’t in-box but are instead installed from the Windows Store when a user signs on for the first time.  See https://blogs.technet.microsoft.com/mniehaus/2015/11/23/seeing-extra-apps-turn-them-off/ for more details on that, and keep in mind that some of the policies related to this aren’t supported in Windows 10 Pro version 1607 and later; see https://technet.microsoft.com/en-us/itpro/windows/manage/group-policies-for-enterprise-and-education-editions for the specifics.