MENU
REQUEST URGENT HELP

Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
 
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
 
Keep calm and we will be with you shortly!
Jörgen Nilsson 06 Oct 2021
2 min

Windows 11 customizations a first look

Customization of Windows 10 is something that we have done since Windows 10 was released. Reason? Get rid of apps that are not enterprise ready and should not be on an Corporate device, set default apps for our preferred applications maybe apply company branding and more.

Windows 11 changes nothing of this as many of the same apps are installed and there are still many scenarios where we want to modify the experience for the end user. What has changed is the Start Menu which will is and will be always is a big discussion point on how what IT should control.
Lets’ have a look at the basic customizations we normally do and how they work in Windows 10.

This is how my “Windows 11 customizations” step look like. (yes Start menu is greyed out more on that later in the post)

Branding – Works the same as in Windows 10
Remove Builtin Apps – Works the same way as in Windows 10
Importing a Default App Association – Works the same way as in Windows 10

Start Menu – Does not work the same way, has a new format .Json more on that later.

Windows 11 Start Menu

The Start Menu in Windows 11 is one of the biggest news and is totally different from Windows 10.

In Windows 10 we are used to use PowerShell, Intune or Group Policy to Pin apps, partially control the Start Menu. We have many options that fills all the different needs out there. In Windows 11 the Export-StartLayout command generates an .Json file instead of an .xml file as it did in Windows 10.

When writing this the Import-StartLayout command cannot import the same .json file which is generated when we export it.

Which is expected. Documentation for OEMs how to modify the Start Menu has been published and can be found here: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/customize-the-windows-11-start-menu/
LayoutModification.xml is the file that was used in Windows 10 and in Windows 11 it has a new friend, LayoutModification.Json.
From Docs:

Let’s hope there will be a new option for the Import-startlayout in the future that can handle the import of the file as well.

Branding

Branding for me is something that IT should not decide it is the business that should decide how/if it should be controlled.
Branding for me is changing the lock screen, replacing the default background and default user account picture. It works exactly the same way as it did in Windows 10.
End result could look like this:

The script can be found here: https://github.com/Ccmexec/MEMCM-OSD-Scripts

Default App association

Works in the same way it did in Windows 10. we make the changes we want to under settings, default apps export them and import them during OSD.

  • Log on to the computer as a user that is local administrator and open Settings and then Apps
  • Under Default Apps make the changes so they are the way you want them, example could be .PDF
  • Then open and Command Prompt with Run as administrator.
  • In the command prompt type, the following command to export the file associations.
    C:\WINDOWS\system32>Dism.exe /online /Export-DefaultAppAssociations:C:\Windows\Temp\DefaultApps.xml
  • Edit the DefaultApps.xml to inly include the associations you want to change.
  • Place it the source folder with script that can be downloaded below.
  • Add it to your Task Sequence

Sample script can be downloaded here: https://github.com/Ccmexec/MEMCM-OSD-Scripts

Remove builtin apps and capabilities

Works the same way as before more information can be found here:
https://ccmexec.com/2018/04/windows-10-remove-builtin-apps-script-with-multiple-version-support/

Worth noticing is that if you do the other way around and use a script that lists what you want to keep instead of what to remove be sure to update it. There are some new interesting app names that we most likely should not uninstall in there.

An updated download with the script and applist for Windows 11 can be found here: https://github.com/Ccmexec/MEMCM-OSD-Scripts

Summary

To sum it up, not much have changed expect for the Start Menu which is obvious as it is totally remade.
Looking forward with great interest in how we can manage the Start Menu experience for our end users.
blog author image
Jörgen Nilsson jorgen.nilsson@onevinn.se

Latest Blogposts

Karin Bui 16 Apr 2024

Welcome to us Patrik Jonsson

1 min
Olov Norman 12 Feb 2024

Welcome to us Kim Nordqvist

2 min
Rikard Rönnkvist 22 Dec 2023

Merry Christmas to all hackers

4 min
/feature
Onevinn

Göteborg

Kvarnbergsgatan 2
411 05 Göteborg

Lund

Scheelevägen 17
223 70 Lund

Karlstad

Lagergrensgata 2
652 26 Karlstad

Örnsköldsvik

Magasinallen 2
890 30 Örnsköldsvik
Onevinn Map
MISA_RGB_MemberBadge_Main_Landscape_FullColor_Dark
Microsoft Solutions Partner
Yubico Preferd Partner
Microsoft Advanced Specializations
Security
Lookout Mobile EDR Defense Partner
Threat Protection
Modern Work
EBF Onboarder
Identity and Access Management
Infrastructure
Entrust Hardware Security Modules
Information Protection & Governance
Cloud Security