Can tweaks be applied to the default user account? #29
Comments
|
I'm gonna use this issue to cover possible scenarios how the script can be used in multi-user environments and installation images, so I can be mean to other people having the same question afterwards. Note that this list is not exhaustive, just several ways off the top of my head. Also note that they weren't tested. First of all, trust the FAQ. If there would be any noncomplicated way how to achieve application of the tweaks system-wide for all accounts, it's already in the script. That being said, you are still left with several complicated ways how to at least partially achieve it. It all depends on your environment and user setup. And of course your understanding of Windows ecosystem. Option 1. Create custom presets for admin and user part. In the admin part, set the stuff which is common for the whole machine - HKLM registry keys, services, Windows features etc. - in the user part, set UI tweaks and other stuff in HKCU which doesn't require elevation via Option 2. Bypass UAC. You can do that either via Task Scheduler (recommended) or using some other shady technique as described eg. here. You don't have to feel bad. According to Microsoft, UAC is not a security boundary and some applications (eg. CCleaner) are already using such technique for a long time. Option 3. Target user's registry hives directly. This requires overhauling the HKCU parts in the script. The idea basically is, that instead of Option 4. Use group policies. I imagine that this might be a stupid advice, but don't use the script at all. :) Pretty much every registry path in the script containing List of the places where you can put your script to run automatically:
As for the default accounts in OPs question - The closest method how to achieve it would suggest option 3, but unfortunately there is no way how the tweaks can be implicitly applied to accounts which are yet to be created, as lot of values are populated during the first logon. |
Not exactly ;)
https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps |
True, however that's just for apps, not for other registry tweaks. The AppX packages are not removed for all users so it's possible to install them back easily. The hard way is too hard for most users. And yeah, I'm aware that the apps can be reinstalled from Windows Store, but if you remove also Windows Store for all users, you're out of options. |
Trying [Option 1](Disassembler0#29 (comment)) for multi-user scenario.
|
Running this in an OSD Task Sequence (SYSTEM), my hope is to disable certain features for all future users, without having to wait for a user-based software deployment to kick in, or (worse) implementing this as a login script for all users. As it stands, tons of these throw errors referencing a non-existent HKCU. I understand the requirement to break out a user part, but it would be nice if most of the user-facing changes were adapted to run as admin (or at least apply to the default user profile, if possible). |
Hello,
I've been trying to figure out how to get the tweaks to apply to all users that login to the PC. As per your FAQ, each user that runs the script should be added to the Administrators group before running the script, however, I only want to run it once (as local admin) and have the tweaks apply to all user accounts on login. Is this possible? Ideally I would like to run the script against an image I'm creating with MDT/VMware and have the tweaks applied to the custom image.
Tremendous job on this script BTW. Very handy!
Ryan
The text was updated successfully, but these errors were encountered: