无法在域环境中禁用 Microsoft Store
osh*_*nen 7 active-directory group-policy windows-10
在 AD 中,我创建了一个新的 OU 并将我的用户名移动到该 OU 中,以便我可以使用我自己的域用户帐户进行测试。
然后我创建了一个新的 GPO 并启用了以下功能:
Computer Configuration > Policies > Administrative Templates > Windows Components > Store > Turn off the Store application = Enabled
我去了我的本地计算机,将它连接到域,使用我的域登录详细信息登录,以管理员身份加载 CMD 并键入
gpupdate
它显示了以下输出:
C:\Windows>gpupdate
Updating policy...
Computer Policy update has completed successfully.
The following warnings were encountered during computer policy processing:
The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
User Policy update has completed successfully.
For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
C:\Windows>
我尝试加载 Microsoft Store,但它仍然加载。
然后我尝试了以下命令:
gpupdate /force
显示了以下输出:
C:\Windows>gpupdate /force
Updating policy...
Computer Policy update has completed successfully.
The following warnings were encountered during computer policy processing:
The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
User Policy update has completed successfully.
For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
Certain Computer policies are enabled that can only run during startup.
OK to restart? (Y/N)Y
Restarting the computer...
..
C:\Windows>
计算机重新启动后,它仍会加载 Microsoft Store。
我检查了 GPReport.html,但看不到任何提及禁用 Microsoft Store 的 GPO。
任何想法为什么这不起作用?
环境细节:
域上的客户端计算机:
- Windows 10 Enterprise(连接到域的桌面客户端计算机)
在域服务器上:
- 交流 2013
- 活动目录 6.3.9xx
在 AD 中,我创建了一个新的 OU 并将我的用户名移动到该 OU 中,以便我可以使用我自己的域用户帐户进行测试。
您不能将计算机设置 GPO 链接到用户帐户,您必须将其链接到计算机帐户。
我检查了 GPReport.html,但看不到任何提及禁用 Microsoft Store 的 GPO。
结果,GPResult 不显示链接的 GPO,这是正常的。
确保 GPO 强制执行到正确的 OU,计算机帐户将在其中应用设置。
对我来说,这是一个简单的错误。为什么 ?因为如果是安全组错误或 WMI 过滤器,GPO 将列在 GPResult 中,但会出现访问被拒绝错误。
我不确定为什么它不起作用,但我的 AD 环境由 Win 10 Pro 机器组成,我想完成同样的事情。我最终不得不使用软件限制策略。
Computer Config>Windows Settings>Software Restriction Policies>Additional Rules
然后添加以下内容:
%programfiles%\WindowsApps\Microsoft.WindowsStore*
将安全级别设置为 Disallowed
GPO 设置阻止 Store、XBOX、Skype、Windows Mail 的图片
最终结果:
希望这可以帮助 :)
| 归档时间: |
|
| 查看次数: |
1332 次 |
| 最近记录: |