Windows 10 brought new options for managing endpoints. As the latest version of Windows Server is version 2012 R2 for now, we need a workaround the time new Windows Server 2016 will come up. The pack containing Windows 10 ADMX templates allows to control which features and functions are activated on Windows 10 computers. For your information there is 2101 new settings for Windows 10 in those ADMX files….
If you have a domain managed by a domain controler which does not have a clue that some Windows 10 boxes are now part of a domain, how do you manage those systems? There is a new browser Edge. Or another example – Microsoft OneDrive for storage. You may want to prevent users to use OneDrive for storing enteprise documents by disabling completely OneDrive. You can manage those configs through GPO.
With Windows Server 2012 R2, you need to import Windows 10 ADMX file into a specific folder that you'll have to create. When the 2012R2 was released (in 2013) Windows 10 wasn't born just yet. To use those .ADMX files in Windows Server 2012R2, you must create a Central Store in the SYSVOL folder on a Windows domain controller.
The Central Store is a file location that is verified by the Group Policy tools. The Group Policy tools use any .ADMX files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
How-to Import Windows 10 ADMX into Windows Server 2012 R2 Domain – The steps:
Step 1: First thing to do is to create a Central store at C:\windows\sysvol\<your_domain>\policies
There you create a folder named PolicyDefinitions
Step 2: The next step is to download and import the Windows 10 ADMX files. So after downloading > Run the MSI package to install it > Copy all ADMX files from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions to the Central store folder called PolicyDefinitions you just created.
(Note: copy also the folder as on the image below – depending of the language you're managing – In my case I copied the en-US, but you may run your DC in different language, then you might want to pickup different one. In any case, if the folder isn't copied you'll find yourself with bunch of errors when wanting to edit new GPOs).
Step 3: Go to your Group Policy Management Console (gpmc.msc ) and create new GPO for your Windows 10 endpoints > Then Right Click > Edit
The new options will show up under Computer configuration > Policies. There is completely new branch called “Administrative Templated: Policy Definitions (ADMX files) retrieved from the central store”. The central store that you have created at the beginning of this post.
That's it. You can then find the setting you want to disable and hook this GPO to the container where your Windows 10 desktops are located….
In this example I refuse all cookies in Microsoft Edge browser, but as I mentioned at the beginning of this post, there is over 2000 settings….
Refresh the GPO by running “gpupdate /force” from command line > Done.
Let me get back to systems which are not part of a domain. There is a second option for users that do not wont to go through the Group Policy console.
Option 2: For isolated systems you might also disable the settings via a registry key
The associated registry key, located at:
“HKLM\Software\Policies\Microsoft\Windows\CloudContent,” value “DisableWindowsConsumerFeatures.”
Set that value to 1 and you won’t get the extra apps.