Posted on March 10, 2017 · Posted in Group Policies, Windows 10

Managing Start Layout and Taskbar Pinned Apps Using GPO

In Windows 10 RTM and Windows 8.1 were available only two modes to configure Start menu and Start Layout settings on a domain computers: you could either completely block any changes of Start Layout elements, or a user could change any layout settings. In  Windows 10 build 1511, a feature appeared to partially lock the elements of Start Layout, allowing the administrator to select, which groups the user couldn’t change. Thus, now users can change Start Layout elements except  for the group of corporate applications and shortcuts. Let’s consider the peculiarities of managing Start Screen, Start menu and Taskbar pinned apps in Windows 10 using GPO.

Start Layout Export/Import Using PowerShell

The easiest way to get Start Layout template is to manually customize desktop appearance and elements on a reference computer running Windows 10 (pin the app icons, group them, etc.) and export the settings to an XML file. Windows 10 manage Start Layout via GPO

You can export the current settings using PowerShell cmdlet Export-StartLayout:

Export-StartLayout –path c:\ps\StartLayoutW10.xml

Later you can import this layout to another computer as follows:

Import-StartLayout –LayoutPath c:\ps\StartLayoutW10.xml  –MountPath с:\

Note. MountPath specifies the path where .wim file of the system image is mounted.

After the command has been executed, the file Layoutmodification.xml appears in C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\. It contains the settings of Start Layout. These settings are not applied to the current users. The template with these settings will be applied to the profile of any new user at first logon.

Start Screen Layout Distribution Using GPO

To disribute a file containing Start Screen Layout to domain computers using GPO, copy the file to some network share (users must have read access to this directory). Then run Group Policy Management Console (GPMC.msc) and create a new policy or edit the existing one and assign it to the users OU.

In Group Policy Management Editor, find the policy with the name Start Screen Layout (the policy can be set both in User Configuration or in Computer Configuration section) -> Policies -> Administrative Templates ->Start Menu and Taskbar.

Start Screen Layout  policy

Note.This policy can be configured from any computer if the following administrative templates are installed: StartMenu.admx and StartMenu.adml (they already exist in Windows 10 / Server 2016).

Open the policy, enable it and in Start Layout File field specify the path to the XML file containing Windows 10 Start Screen Layout (for example, \\srv1\share\StartLayoutW10.xml).

Start Layout XML File

Important. By default, when specifying the settings of the Start Screen for users with the help of GPO, users cannot change its elements. To allow a user change the elements, use Partial Lockdown feature described in the following section.

Partial Lockdown of Start Screen Layout

Partial Lockdown that appeared in version 1511 of Windows 10 allows to specify groups of Start Screen tiles that will be locked for users. A user can configure other parts of Start Screen Layout to its taste.

To set the locked groups of Start Layout, manually edit the XML file with the layout using any text editor.

Open our file StartLayoutW10.xml and find the following section in it: <DefaultLayoutOverride>. The attributes of this section should be changed to <DefaultLayoutOverride LayoutCustomizationRestrictionType=”OnlySpecifiedGroups”> LayoutCustomizationRestrictionType

Save the changes in the XML file and distribute it to client PCs using GPO. Thus, only groups indicated in the XML file will be locked. All other groups, their contents and element settings can be changed by users.

BUT this feature works only in Windows 10 Enterprise and Education.

How to Manage Apps in the Taskbar Using GPO

Another popular corporate requirement is the management of pinned app icons in the Taskbar using a Group Policy. The list of pinned icons of the Taskbar is located in %APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar setting pinned taskbar apps using gpo

And the settings of the pinned apps are stored encoded in the following registry branch HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

To distribute these Taskbar settings to the corporate computers, export the contents of this branch to a REG file:

reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband c:\script\PinnedItem.reg

Copy this REG file and the directory containing icons (%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar) to a network share. In the Domain Group Policy Editor (User Configuration- > Policies -> Windows Settings -> Scripts (Logon/Logoff) -> Logon), add a logon script with the following code:

@echo off
set Logfile=%AppData%\pinned.log
if not exist "%Logfile% (
IF EXIST "%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" GOTO NOTASKDIR
del "%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*" /S /Q
xcopy /E /Y "\\srv1\share \PinnedItem " "%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned"
regedit.exe /s "\\srv1\share\PinnedItem.reg "
echo PinnedItemImported on %date% at %time% >> %LogFile%
taskkill /IM explorer.exe /f
start explorer.exe

gpo: logon script
Thus, at the logon, a user will see the corporate set of pinned app icons in the Taskbar.

Note. The check if the file %AppData%\pinned.log exists is included in this script. If the file exists, this script has already been run in the system and it doesn’t have to be reapplied so that a user could delete or add its own icons in the Taskbar.

Related Articles