It is no secret that Windows 10 has a nasty habit of installing software that we do not want installed in our environments, and this seems to be something that Microsoft has no intention of changing in the near future.  The only “easy” solution is to get your hands on Enterprise LTSB, but then you do not get feature updates.  Anywho, presented with this issue and the fact that my customers only pay for Windows 10 Pro (shocker) I came up with a PowerShell script to only keep the apps that I dictate installed, with a little help from the Obi-Wan you all hear about so frequently.

A quick run-down for those who are not yet familiar with Windows 10 there are two types of packages that we are concerned with today; AppxPackages and AppxProvisionedPackages.  AppxPackages are the packages of the currently installed Microsoft apps for a particular Windows User Profile on the machine.  AppxProvisionedPackages are the pesky devils that install the apps upon new user profile creation on the machine.  Naturally, the latter are the ones we are most concerned with, but we want to ditch any of the AppxPackages that may linger on.

Also, I have included a quick check to make sure the PowerShell script will only run on Windows 10 1703 or lower.  This way I have time to test on the next version and make sure this script doesn’t screw anything up before I allow it to run on client machines.

When it comes to deployment I push with GPO and run the script at computer startup, but I run a batch script that copies the .ps1 file down to a restricted folder on the local machine first.  I do this because this script needs to run as system to be fully effective.  I also add the following arguments when running the script to hide the PowerShell window while it’s running.