Windows 10 customizations for enterprise desktops
Microsoft offers different services that IT can use to adjust its users' desktop experience. These Windows 10 customizations are a must in an admin's toolbox.
System administrators managing Windows 10 desktops can customize their systems for better protection and a controlled user experience. Microsoft offers five types of Windows 10 customizations that administrators can combine to fit their needs: Custom Logon, Keyboard Filter, Shell Launcher, Unbranded Boot and Unified Write Filter, or UWF.
These Windows 10 customizations are optional, so IT must enable them for configuration. Depending on how IT manages its systems, IT can use tools such as Unattend answer files, Windows Configuration Designer, Deployment Image Servicing and Management, Windows System Image Manager or Windows Management Instrumentation to configure these customizations.
The Custom Logon feature makes it possible to hide UI elements on the Welcome screen or shutdown screen. Administrators can block the Ease of access or Switch user buttons on the Welcome screen, or they can remove all elements on the Welcome screen and provide a custom login UI.
IT can still use compatible credential providers for custom sign-ins because Custom Logon does not affect Winlogon credential behavior.
Administrators can suppress the blocked shutdown resolver screen, which appears if open applications prevent Windows from shutting down. This will close all blocking applications and prevent users from canceling shutdown.
Administrators can use the Keyboard Filter customization to block individual keys or key combinations.
The Keyboard Filter feature automatically adjusts for physical keyboards, touch keyboards and the Windows on-screen keyboard. It can also detect dynamic layout changes, such as switching to another language.
The customization also enforces filtered key combinations across different systems. Administrators can block certain key combinations and work them across different keyboards.
The Keyboard Filter customization applies to both x86 and x64 architectures and supports numeric keyboards, as well as keys specific to browser and media functionality.
Administrators can use the Shell Launcher customization to replace the default Windows Explorer shell. IT can configure Shell Launcher to specify a dedicated application to launch when users log on to that computer.
Administrators can also set up Shell Launcher for designated users or groups. They can limit a shared computer to a single application for guest users, but allow administrators to log on to the default shell.
The Shell Launcher feature supports most applications and executables, with a few notable exceptions. Administrators cannot specify a Universal Windows application or an application that launches a different process and then exits from the custom shell.
Administrators can also control the system's behavior when the custom shell program exits.
With the Unbranded Boot, administrators can limit Windows elements on startup, resumes or when Windows encounters an unrecoverable error. Administrators can disable F8 and F10 keys on startup screens to prevent access to the advanced options menu. They can also configure the system to display a blank screen if Windows encounters an unrecoverable error.
Administrators cannot suppress a custom logo implemented through the Boot Graphics Resource Table on a device that supports the Unified Extensible Firmware Interface.
Unified Write Filter
The UWF customization can help administrators protect physical storage media on Windows 10 desktops. This feature applies to most supported writable storage types.
The UWF feature intercepts and redirects write operations to a virtual overlay. The write operations can include setting changes, file updates, application installations or other actions.
This feature is most beneficial for administrators supporting shared desktops. In this way, each user can work on the desktop as needed, even changing settings or installing software. Then, when the system reboots, the next user receives a clean environment, helping to increase reliability and security.
The UWF customization also makes it possible for read-only media to operate as though it were writable, at least during the current session. In addition, the feature can help reduce the wear that can occur on write-sensitive media, such as solid-state drives.