Jump to content


  • 0
keety

Windows 8.1 store GPO's - a quick guide of you're having issues

Question

Hi guys, not sure if this is the right place, but thought I'd post this up as I've spent a week trying to figure out how to get the Windows store working properly in our environment.

 

Our environment is highly locked down because of the nature of what we do. Because of this the Windows store has been disabled. We've started trialling various Windows 8.1 devices for use as mobility solutions and it quickly became apparent that without the ModernUI apps the devices were basically very expensive laptops. Our users were after devices that had the freedom of an Ipad crossed with the functionality of a laptop, there are a whole load of ModernUI apps that offer some of this functionality (such as MDM solutions that don't require a two factor authentication etc)

 

So there are 4 GPO's that control access to the store

 

Computer

System\internet communication settings\Turn off access to the store

Windows components\store\Turn off the store Application

User

System\internet communication settings\Turn off access to the store

Windows components\store\Turn off the Store application

 

I configured these thinking "Great, nice and simple.."

 

But no. What did I get? Well I either got the green windows store screen, with a spinny logo that sat there for at least a day (I was angry at this point and was about to throw it out the window so thought I'd better leave it alone) or if I actually managed to get into the store I couldn't install anything, I'd click on install and get a message popup straight away

 

Your purchase couldn't be completed Something happened and your purchase can't be completed. Error code 0x8024500c

Moving the machine into an OU with no GPO's (bar default domain policy) applied it worked. Moving back into a standard OU with our standard GPO's it broke again... ARAGGGH!!!

 

So I spent a good 5 days trawling through the hundred's of GPO's, turning them all on and off individually using local group policy...the event log was filled with errors... googling the above error message or any of the event log errors produced the sum total of f'all (go google that error and see what you get).. I'd followed all the tips I could find about getting the store working (re registering the appx store app, resetting the store cache, even redoign our build with a fresh wim from the Microsoft volume licensing site)

 

I was about to throw the towel in and contact Microsoft when I had a brainwave....

 

When the error message was appearing, it was appearing instantly, there was no waiting around 2 mins for a time out, no thinking about it, just BANG! Get lost,you're not having this app!

 

That, I figured meant it knew it wasn't allowed to go to wherever it was going so it didn't even bother...

 

So what do I stop Windows from talking to on the internet... what don't I need windows to talk to on the internet because we handle it all using System Centre... Windows updates!!!

 

BINGO!

 

Computer

Windows components\Windows update\Do not connect to any windows update internet locations

 

The blinking description even mentions (Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.) that enabling this policy wills top the store from working! ARRRGGGHHHHH!!

 

If anyone's interested in how (in a restricted environment) we're locking down the store (this is a proof of concept for 50 users so we're not going down the Intune or sideloading road yet), we're allowing access to the store and then using applocker to block the apps.

 

We have one deny rule in blocking all apps and then put in exceptions for the apps we want to allow. It's fiddly building up the list but it works and our users and internal security team are happy!

 

Anyway, as I said, I thought I'd put this here in case anyone else is having the same issues (as I know the site gets crawled by google).. I'm off to the pub now for a couple of cheeky beers....

  • Like 1

Share this post


Link to post
Share on other sites

1 answer to this question

Recommended Posts

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.