Has imaging machines with Windows 10 turned into a nightmare because the Start Menu, Cortana, and even the Action Center would not work once the Domain GPO had been pushed to the machines?
I had gone through what seemed like 100s’ of blogs and tried everything they suggested and nothing worked (I will include those steps at the end, in case they may help your situation). At one point I even thought the image may have been corrupted so I re-made a new reference image for deployment. They too stopped working once the Domain GPO has been updated.
Once I had come to an epiphany that it was indeed a Group Policy Object that was causing the issue I began to remove the GPOs one at a time until I isolated the issue to one Group Policy in particular. I then started with the most logical part, of the GPO, that I thought may be the issue.
The biggest part of the effected GPO was dealing with AppLocker. So, I started by disabling the “Application Identity Service” that the GPO turned on. I did a “gpupdate /force” and restarted the computer. Instantly the Start button, Cortana, and the Action Center started to work. However, I could now use PowerShell which was the main program I wanted to be disabled to the student’s account. The next step was to replace and find a way to continue to use AppLocker, and make the Start Menu, Cortana, and Action Center work properly. Here was the fix I found after much replaceing and testing:
The first Step is the open the “Group Policy Management” MMC and navigate under “Computer Configuration” to “Policies”, “Security Settings”, “Application Control Policies” then expand “AppLocker”.
The problem appears to be with the way “AppLocker” works with Exe Rules and Windows 10. The solution is to right click on “Packages App Rules”, highlighted in red in the picture above.
The click on “Create Default Rules”, highlighted in red above.
You will see that it creates a default rule to allow everyone to use signed package apps.
The next step is push out the Group Policy to whatever collection using “Group Policy Management” MMC in Server 2012, do a “gpupdate /force”, or wait 2-4 hours for the group policy to apply by itself. Then you will need to do a restart of the machines. After that all Exe Rules should still work, and you will have access to Start Menu/Cortana etc..
This fix only works if you have a GPO that has “AppLocker” setup. If this post doesn’t help you may want to try some of the other work arounds for Start Menu/Cortana not working.