Microsoft Removes Windows Store Blocking Policy from 10 Pro

Subject: General Tech | May 4, 2016 - 07:26 PM |
Tagged: microsoft, windows 10, Windows Store

Well that's a great precedent, Microsoft. In Windows 10 1511, which released in November for the general public, they removed the group policy setting to disable Windows Store from Windows 10 Pro. From a consumer standpoint? I can't see this decision making any difference. I doubt that a group policy setting would be the best line of defense for any use case that requires a disabled Windows Store.

View Full Size

From an enterprise standpoint -- there might have been good reason to disable it. Microsoft's solution is to use Windows 10 Enterprise or Windows 10 Education. This doesn't help those who already purchased a significant number of Windows 10 Pro licenses. I've also talked to someone in an enterprise environment who pointed to this decision as their reason to not upgrade to Windows 10 earlier in the year. Their organization cannot justify upgrading to Windows 10 Enterprise, and they have legal obligations that require locking down the apps that end-users can install.

So enterprises have been privately responding to this decision, apparently, but I'm not sure whether they're considering the bigger precedent. This is a concrete example of Microsoft removing user choice after they accepted the platform. This should start to make users think about all the other ways that Microsoft can alter the deal going forward, especially since you cannot just sit on Windows 10 1511 for a decade like you could with Windows XP or Windows 7.

Preventing users from blocking Windows Store (and the UWP) could be seen as a step toward deprecating the “wild west” method of installing software that we're used to. You can install unsigned Win32, for now. You can sideload UWP applications that aren't certified by Microsoft, although they need to be signed by a handful of root certificates, for now. This will always be a concern when dealing with a closed platform, where society isn't allowed to just fork away from disaster, but it's good to continually remind people of what could happen if decisions are extrapolated.

It would be wrong to assume malicious intent, though -- that stuff would leak all the time. But, with sufficient tunnel-vision, we could end up with negative consequences. It could be an enterprise worth of PCs becoming useless legal liabilities overnight, or it could be policies that allow a government to ban encryption software from installing on a platform.

Source: ZDNet

Video News

May 4, 2016 | 07:42 PM - Posted by Anonymous (not verified)

There is a new branch of Win 10 pro, Long-Term Servicing Branch (LTSB) that is bereft of all of that stuff. Why they are pulling this fix so early I have no idea, that's still shady.

May 18, 2016 | 02:15 PM - Posted by Anonymous (not verified)

The LTSB version is only available to those with an Enterprise Agremeent, typically 500 systems or more.

May 4, 2016 | 07:49 PM - Posted by nickb64

If people have my luck, every couple of months Windows will just make the Store and every "modern" (or whatever they're calling them now) app will randomly disappear, requiring a reinstall to bring them back.

May 4, 2016 | 08:41 PM - Posted by dontthroworanges (not verified)

Just FYI. While it's not the end all to this conversation, you can still disable users from adding a Microsoft Account to the machine via GPO. So users still can open the Store app, but since you need an MS account to download anything, they can't go any further than browsing around. This also still gives users access to the Business Store. Again, not the best method but it works for our business.

May 4, 2016 | 08:57 PM - Posted by Scott Michaud

I'll forward this to the person I mentioned in the post.

May 4, 2016 | 09:27 PM - Posted by Jeremy Hellstrom

Sadly, once your business is tied in with an O359 E1, 3 or 5 license, they've got a user.  Now there may be additional steps and network blocks which could help ... ain't no one got time for that!

May 5, 2016 | 12:32 AM - Posted by Anonymous (not verified)

That's not true at all.
That policy in no way prevents users from using Microsoft Accounts in the Store to download apps.

It only prevent users from logging into Windows with their Microsoft account. They can still log into the Store with the Microsoft account and install whatever they feel like on their employer-owned PC.

May 4, 2016 | 08:59 PM - Posted by Anonymous (not verified)

You need 500 or more licenses/machines just to qualify for an Enterprise licensing agreement and get windows 10 enterprise and be able to somewhat turn off all that windows 10 garbage for the enterprise OS builds! A lot of SMB and mom and pops that where using the "Pro" versions and not the enterprise versions of 7, 8.1 and now they are thoroughly BONED!

It's best for the SMB/MOM and POPS to stay with windows 7, and start thinking about going over to a Linux based option. For a lot of things windows 7 will have to be safely locked inside a Linux based VM product and run in a locked down from the outside internet environment. This does no mean that a SMB/Mom and Pop business can not still use windows 7 safely sand-boxed inside a VM instance while they transition to a Linux only environment.

There will be plenty of business opportunities going forward for helping people convert. I'm not using any doctor the uses a windows 10 non enterprise version with all the spying not able to be locked out, if M$ can ever be trusted with even its enterprise versions! It's best to go Linux and the whole internet uses Linux, so just begin the process towards going to Linux before 2020 gets here.

Look at what the Munich Linux Migration has achieved, and that software is open source, so maybe some SMB's could pool their resources and fund an SMD build and software package that they could all use and maintain. M$ has dumped on folks for too long, so start the process now before 2020 gets here. And learn how to use windows 7 locked down in a Linux VM instance that is not allowed to communicate outside your intra-net, locked away from any outside inter-net access. Run the outside/internet end of your business from a Linux based OS/client!

May 4, 2016 | 11:47 PM - Posted by BillDStrong

So, Microsoft sells business SKUs of Windows 10, and Pro is decidedly not one of those SKUs. Preventing the Pro version from disabling the mechanism they use to update their browser (Edge) and other built-in apps doesn't seem that harmful?

Aren't there still ways to white list apps to execute that include AppX packages? So it doesn't matter if it is downloaded, it can never be run?

And since Pro is marketed towards groups that don't generally use Group Policy Editor, and those groups should be smart enough to realize if they don't want to use the store, then don't use the store, I fail to see a big issue with this.

This sounds more like an instance of Microsoft pushing Businesses to use the SKU they make for Business.

Having the Store installed doesn't use any excess resources, and you can continue to use Win32 apps to your hearts content. Microsoft has committed to continue running win32 apps, even providing better ways to install and manage those apps with the new packager for easier install without messing up the computer.

If you are truly that worried about running win32 apps in 10 years, start funding ReactOS, and contributing to it. And since Win32 isn't much of a moving target now, it should be able to catch up, right?

May 5, 2016 | 02:12 AM - Posted by Scott Michaud

Edge is not updated through Windows Store. It gets security updates through Windows Update and feature updates through major builds. Also, "pushing businesses to use the SKUs they make for businesses" doesn't fly after purchase.

As for the statements of Win32, this decision puts a new perspective on it. If you're considering ReactOS, then that should be a huge warning sign (unless, of course, you are saying it from a distant perspective, wishing to give up Win32 support).

May 5, 2016 | 07:59 AM - Posted by Anonymous (not verified)

I want a PC/laptop with the hardware to run a type one hypervisor/VM facility. Luckily most all of the current 64 bit CPUs/SOCs support the necessary hardware features to run the type one style of hypervisor/VM software products that can be used to host any OS. So why not just require the PC/Laptop/other makers to offer a type one hypervisor option in addition to any of the bundled OS options forced on PC/laptop owners today! Let consumers get the VM software that allows them to install and run any number of OSs at the same time just by spinning up an instance of the OS under a VM/Type one hypervisor type of software facility. Users could easily run more than one OS instance of any current OS(at the same Time) and be able to run a wider range of software from many different OS/software ecosystems.

As far a M$ and its PC/laptop market monopoly, apparently it's going to take a lot of people complaining to the federal/state attorneys generals offices and their elected officials to get them to enforce the antitrust laws on the books. Better yet make it a campaign issue, and maybe there can be a new Trust Busting movement in the US, and other parts of the world and stop these market tactics from companies like M$, Intel, Comcast and others. PC/laptop bundling of any single OS should banned, and users should be given the choice at the retail counter to get their OS of choice and the PC/laptop OEMs should have to provide the driver disks for more than one OS, like requiring support for windows/Linux kernel based OSs/BSD based kernel OSs. Any too cozy agreements between third party PC/laptop OEMs and OS makers should be prevented under the antitrust laws already on the books and strengthened under new laws and regulations. The same for the too cozy arrangements between any single SOC/CPU/APU/GPU/other poocessor maker and the third party PC/Laptop OEMs!

May 5, 2016 | 08:13 AM - Posted by Anonymous (not verified)

P.S. that M$ windows secure boot Key signing authority needs to be stripped from M$ and placed with an independent and impartial third party industry standards organization! Third party OEM made PC/Laptop Firmware/hardware should not be totally under any attachments to any OS maker, as that is very unwise to allow M$ the software key athority over your third prty produced OEM PC/laptop hardware/software/OS ecosystem choices!

March 21, 2019 | 07:24 PM - Posted by JeaSaxofs (not verified)

Best Generic Levitra Prices viagra online prescription Viagra Y Cialis

March 21, 2019 | 07:27 PM - Posted by JeaSaxofs (not verified)

Best Generic Levitra Prices viagra online prescription Viagra Y Cialis

March 21, 2019 | 07:44 PM - Posted by JeaSaxofs (not verified)

Best Generic Levitra Prices viagra online prescription Viagra Y Cialis

March 21, 2019 | 07:50 PM - Posted by JeaSaxofs (not verified)

Best Generic Levitra Prices viagra online prescription Viagra Y Cialis

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.