Windows Insider Preview: Enhanced removal of pre-installed apps

Microsoft is distributing new preview versions of Windows in the Insider channels. Among other things, the developers have a more flexible policy for removing pre-installed apps in mind.

Microsoft's developers write this in the announcements for the current preview version in the Windows Insider Developer (KB 5079464, Build 26300.8068) and Windows Insider Beta Channel (KB 5079458, Build 26220.8062). There, they emphasize that the "Remove Default Microsoft Store packages" policy for Windows in Enterprise and Edu environments will now receive a dynamic app removal list. This allows admins to uninstall MSIX and APPX apps by adding their App Package Family Name (PFN) to the list.

In the Group Policy Editor "gpedit.msc", it is located under "Computer Configuration" – "Administrative Templates" – "Windows Components" – "App Package Deployment" – "Remove Default Microsoft Store packages from the system". In the selection list, at the bottom, you will find the entry "Specify additional package family names to remove". The app family name can be found using a command in the terminal. Microsoft gives Notepad as an example: Get-AppxPackage *Notepad* | Select-Object PackageFamilyName. Currently, however, the function is still missing in the management software Intune in the policy Configuration Service Provider (CSP).

Improvements in PC setup

In addition to the PC name, which can be specified during Windows installation, the new Insider previews now also allow you to choose a custom user folder name. This is the profile directory that contains folders like "Documents", "My Pictures", and so on.

An important change concerns the Windows driver policy. Previously, the Windows kernel loaded third-party drivers that were signed with a so-called Cross-Signed Root Certificate or by the Windows Hardware Compatibility Program (WHCP). Microsoft is dropping the Cross-Signed Root program, which allowed Certificate Authorities (CAs) to trust the public key of another CA's root certificate. As a further consequence, Microsoft revokes trust from drivers with such cross-signed certificates; the Windows kernel will only load WHCP-certified drivers. This is intended to improve security.

Specifically, Windows still includes a list of trusted publishers and drivers from the cross-signing program, so the step is not too radical at first. The function initially runs for 100 hours and three reboots in "Audit Mode". If Windows detects that the drivers are compatible with the new function, it activates the function. Otherwise, the system remains in audit mode. Users may then be confronted with notification dialogs from "Windows Security" indicating that a driver has been blocked.

Another new feature is intended to allow Windows recovery using restore points at specific times. When the function is activated, Windows automatically creates restore points at scheduled intervals, for example, every 24 hours. This allows different restore points on the system to be rolled back as needed using Recovery. The recovery environment also supports the new function and displays operating system versions in a four-part format instead of just two parts.

Two weeks ago, Microsoft provided Insider previews with an updated Paint version that can rotate selections. In addition, Windows has since supported a "Lock Batch" function, which prevents batch files from being modified unnoticed during execution and which works much more performantly than the previous corresponding security function.

(dmk)