There are a lot of tools when it comes to the Windows 10 apps topic, there all doing the same there trying to remove the integrated apps, but is that really needed? Does removing the apps makes you more secure or just does it only causes troubles – especially if you want to upgrade your OS?
Windows 10 and pre-installed apps
Well, I have to admit I’m not an apps fan on a desktop pc but the question is if you really need to uninstall the apps? The answer is simple – you don’t need to uninstall them! Cause Windows already gives you all the integrated tools to handle the apps. Restricting access is enough. There is no additional security benefit removing any of those ads, since the app update is handled by explorer.exe/svchost.exe (which can’t be blocked from running). However you could prevent them to connect from the internet with a firewall (Windows integrated is enough). But again with the Windows own methods this is not needed.
Prevent Apps from launching by restricting the access
Gpedit.msc (not integrated into Windows Home editions) is something really powerful and it’s enough to handle Windows 10 apps. You can fine-tune the app behavior like you want.
There tons of more options which you can see (left panel) and fine-tune here, like controlling OneDrive, restricting unsigned applications, disable desktop gadget installation or turn off app permission like accessing your webcam.
The ‘App Privacy’ option can control app permissions.
So overall MS already gives you (from the beginning) all options to stop apps from running and to restrict everything how you want.
Benefits working with gpedit.msc over trusting external applications
- External applications depending on 3rd-party resources
- Trust – There might not be trustable
- Bandwidth – Why download a program if windows already gives you all what you need?
- Drive-by infection, no download no infection – makes sense!
- It’s a trap, most apps or scripts just doing nothing more/special here, there just only toggling the switches on gpedit.msc via registry changes.
- You learn more about the OS and the options! Sounds boring, well it isn’t cause you discover something powerful and you learn something which you benefit from. Using a program – turn of the brain and let it work is in general not a good advise, most people don’t know what’s really going on then and what it changes.
It should be noticed that even if you restrict apps like Cortana there might still be running, that’s normal cause there now a part of other components as well. For example Cortana fully replaced the integrated speech and search so you also need to turn them off too if you want to prevent cortana from launching. But even if you turned off everything there is are still some services running, this is also normal and not a bug or ‘spying’ this is related to system components which can’t be disabled without breaking other things and there good reason why they should be running.
A lot of people saying that the background running apps are dangerous and I agree in 50% of that cause you have no control over it unless you turn them off, however it’s not as dangerous as it’s always wrongly re-spelled on the internet. In my own tests with the Windows 1709 Pro Version each app only caused a small amount of connections during 24 hours for e.g update search, caused by the Store application itself or to update the news (e.g. a news app want to get news – what a surprise?!).
Removing them is pointless here, because there still ‘there’ you just removed the upper User level part, there still in the WinSXS folder which means there can be recovered via DISM or with the next Windows update. Because of this disabling makes more sense since a Windows Update not overrides user related gpedit.msc changes he manually made. Removing apps might also causes additional upgrade problems because Microsoft might remove an app and while you removed it, the process can’t be finished and a SysRep might fail too and it ends up with endless ‘waiting for updates to get ready’.
The only problem here is that exporting and importing such rules can be a little bit complicated, especially when you re-installed your OS. I will answer the question how to import and export gpedit.msc rules in another quick tutorial.
The integrated ‘Local Group Policy Editor’ method works well on all my test VM’s and it shows yet again that Microsoft already gives you full control over the OS. However, it’s a shame that the Windows Home version is crippled here and that the tool is ‘difficult’ to find for normal users, instead MS should integrate such useful and powerful function directly in their settings app which then should be visible directly and not hidden under 10 sub-menus. Of course a power know how to find everything but that’s not the point here, MS restrict several functions in different Windows versions for example only the Enterprise/LTSC(LTSB) version can ‘fine-tune’ telemetry while all other versions doesn’t get a toggle to turn telemetry off, this should be changed in my opinion – personally I think MS just have a fear everyone would turn it off and that’s why there not supporting all the toggles in their ‘public’ Windows versions – but this is only speculation without any proof.
The Local Group Policy Editor is powerful and everyone should play with it and the given options instead of trusting other tools, I totally get the point that import and export functionally needs to be improved here but I have my hopes that MS changes this over the time.
I work for years with it and it’s impressive that a lot of online articles recommend the mass to work with tools instead of the given option. Maybe it’s a trust thing but why you trust other tools if you already distrust MS – wouldn’t it make mor sense to then switch to a OS which you trust?!
Well I’m not here to blame people which trying to ‘unfuck’ the Windows OS but I do want to say again that most of the ‘tweaks’ are placebo – or you simply can already work since the beginning with MS own solutions to customize the OS how you like.