Windows 10 Powershell to remove all bloatware apps

Because why do we want Twitter on Windows 10 Pro…or an xbox app…or 800 other things

This doesn’t disable the store, because that breaks the calculator.

There is no use of -AllUsers switch because that would only apply to the machine if the user had previously logged in. For example Bob logs into the computer and his login script executes below with -AllUsers switch Joe logs into the computer after Bob, and will still see all the apps.

You’ll need to save this in a .ps1 file!

$AppList = @(
"Microsoft.3dbuilder"
"AdobeSystemsIncorporated.AdobePhotoshopExpress"
"photoshop"
"Flipboard.Flipboard"
"MSN"
"sway"
"Microsoft.FreshPaint"
"Microsoft.Office.Sway"
"Microsoft.WindowsAlarms"
"Microsoft.Asphalt8Airborne"
"microsoft.windowscommunicationsapps"
"Microsoft.WindowsCamera"
"king.com.CandyCrushSodaSaga"
"Microsoft.DrawboardPDF"
"Facebook"
"BethesdaSoftworks.FalloutShelter"
"FarmVille2CountryEscape"
"Microsoft.WindowsFeedbackHub"
"Microsoft.GetHelp"
"Microsoft.Getstarted"
"Microsoft.ZuneMusic"
"Microsoft.WindowsMaps"
"Microsoft.Messaging" "Microsoft.Wallet" "Microsoft.MicrosoftSolitaireCollection" "Todos" "ConnectivityStore" "MinecraftUWP" "Microsoft.OneConnect" "Microsoft.BingFinance" "Microsoft.ZuneVideo" "Microsoft.BingNews" "Microsoft.MicrosoftOfficeHub" "Netflix" "OneNote" "Microsoft.MSPaint" "PandoraMediaInc" "Microsoft.People" "CommsPhone" "windowsphone" "Microsoft.Print3D" "flaregamesGmbH.RoyalRevolt2" "WindowsScan" "AutodeskSketchBook" "Microsoft.SkypeApp" "bingsports" "Office.Sway" "Microsoft.Getstarted" "Microsoft3DViewer" "Microsoft.WindowsSoundRecorder" "Microsoft.BingWeather" "Microsoft.XboxApp" "D5EA27B7.Duolingo-LearnLanguagesforFree" "Microsoft.NetworkSpeedTest" "Microsoft.FreshPaint" "Microsoft.BingTranslator" "ActiproSoftwareLLC.562882FEEB491" "46928bounde.EclipseManager" "7EE7776C.LinkedInforWindows" "Microsoft.BingNews" "Microsoft.MinecraftUWP" "king.com.CandyCrushSaga" "king.com.CandyCrushSodaSag"
"Microsoft.WindowsMaps"
"Microsoft.Wallet"
"Microsoft.GetHelp"
"Microsoft.Print3D"
"Microsoft.Getstarted"
"Microsoft.BingWeather"
"Microsoft.Microsoft3DViewer"
"Microsoft.Office.OneNote"
"Microsoft.ZuneMusic"
"Microsoft.ZuneVideo"
"Microsoft.MicrosoftSolitaireCollection"
"Microsoft.SkypeApp"
"AdobeSystemsIncorporated.AdobePhotoshopExpress"
"A278AB0D.DisneyMagicKingdoms"
"Microsoft.BingWeather"
"Microsoft.People"
"Microsoft.Office.Desktop"
)
foreach ($App in $AppList) {
Get-AppxPackage -Name $App | Remove-AppxPackage -ErrorAction SilentlyContinue
}

Office365 – Use DKIM to validate outbound email

By default Microsoft will only enable DKIM signing on your “Initial Domain”

Why use DKIM when you already utilize SPF? It’s simple! They will work in tandem.

SPF adds information to a message envelope but DKIM actually encrypts a signature within the message header.

When you first sign up as a Tenant within Microsoft Office 365 you are greeted with an “Initial domain” that ends in .onmicrosoft.com – For example, mine is D3V1N.OnMicrosoft.com

As you go through the verification process to verify the domains you own, or purchase domains from Microsoft or Microsoft Partners, you will see your domain(s) start populating in your Microsoft 365 Admin Center

Once your domain has been verified, you can start the process of using DKIM

In this guide we will keep it simple – We will utilize the Microsoft Office 365 Admin Center to change the DKIM settings, however an alternative method exists in which you can use PowerShell to accomplish the same end goal.

 

Let’s begin!

 

  1. Navigate to your Domain DNS settings – In this case I am hosting this website with GoDaddy. We will be adding two CNAME records to our domains DNS.
  2. Generic - Please Refine to fit your domain!

    HostnamePoints To AddressTTL
    selector1._domainkey.selector1-domainGUID._domainkey.initialDomain 3600 (1 Hour)
    selector2._domainkey.selector2-domainGUID._domainkey.initialDomain3600 (1 Hour)
    Three things need to be changed to fit your domain: <domain> — <domainGUID> — <initialDomain>
    1. Domain: Your domain name
    2. domainGUID: domainGUID is the same as the domainGUID in the customized MX record for your custom domain that appears before mail.protection.outlook.com (HINT: Check your DNS records for MX entries)
    3. initialDomain: The domain you created when joining O365 – Look for the OnMicrosoft domain!
  3. Here is my configuration for D3V1N.NET as an example: 

    D3V1N.NET Specific DNS Settings

    HostnamePoints To AddressTTL
    selector1._domainkey.d3v1n.netselector1-d3v1n-net._domainkey.d3v1n.onmicrosoft.com3600 (1 Hour)
    selector2._domainkey.d3v1n.netselector2-d3v1n-net._domainkey.d3v1n.onmicrosoft.com3600 (1 Hour)
  4. BREAK! You may need to wait up to 48 Hours for DNS to update – Once you verify DNS has been updated, proceed to the next step.
  5. In the left navigation, expand Admin and choose Exchange.
  6. Go to Protection > dkim.
  7. Select the domain for which you want to enable DKIM by left clicking it, and on the right you should see “Sign messages for this domain with DKIM signatures” – choose Enable.

 

Send an email to an outside domain in which you can receive it to inspect the message header to verify DKIM is working!