Don't really know I'm afraid. But I know that other Microsoft ''business'' subscriptions (Office 365 ProPlus, Intune) can also be directly bought from MS (so not only through partners). Maybe it'll be the same with this.
Very easy fix for skipping the lock screen just auto login, works with your local or MS account Code: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="1" "DefaultUsername"="Your user name" "DefaultPassword"="Your Password" "ForceAutoLogon"="1"
You don't even have to supply your password in plaintext in registry for this to work. Just do these steps: - Win+R, "control userpasswords2" - click on your username - untick checkbox above - hit "OK" and supply your password one last time
The important thing to mention here is that it would be incredibly stupid to put your password in a place like that, where it can be read even by users/processes running without admin privileges.
I upgraded my test virtual machine (Pro 1511, lock screen and crapware disabled with policy) to 1607. At least the start menu didn't immediately show advertised apps for the preexisting local account. I made a new local account and sure enough, the start menu crapware was there and auto-installing. I tried removing with PowerShell all removable installed and provisioned UWP apps from the machine (also the Store). It doesn't help, at least Twitter still auto-installs. But some crapware icons now tell that "you'll need a new app to open this ms-windows-store" Any way to stop this, as cleanly as possible (without breaking the OS to much..)? Could custom firewall rules work, or does it just bypass them?
Continuing: I mounted the VHD offline and renamed folder C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy. After this I started the machine and created a new user, now the start menu crap didn't appear. ContentDeliveryManager has a subfolder "Experiences" that tipped me off.. There is no exe file for the firewall rule in ContentDeliveryManager, just dlls ContentManagementSDK.dll and ContentDeliveryManager.Background.dll. I bet someone with actual knowledge and coding skill would quite easily block the needed "experience" (advertising) functions in W10, without touching the OS itself. This kind of OS butchering is not optimal, and Windows might just auto-repair the system app I renamed away.
Thanks for the tip, I continue playing with this tomorrow. That screen has a User column so I guess it affects only a single user. Could the same rule also be applied to all users?
All firewall rules are system-wide, I made a mistake while creating the rule and that column should not have been visible... I've updated my post with the correct instructions
I just gave it a go and I still get the lock screen and also still have to enter a password so looks like your method doesn't work, anyway I don't really give a crap if my password is stored in the registry, been using this method for about 6 years now and never had a problem with it.
That's not my point. With this setting any executable you happen to run on your machine will be able to obtain your account name (obviously, but it may be your Live ID) and your password, whether you use disk encryption or not. That's the "biggie".
Not sure about the rights needed to read it, but I think you need the admin rights. Whatever, nowadays with the people using any crap from MS Google, FB, and so on w/o a blink that seem the lesser problem
I just think that the users are usually divided in careless and paranoid, personally I try to stay in the middle. Better to have some common sense on what I download than being paranoid about a logon password which is useless for a great share of the users.
As I wrote in an earlier post, this is exactly what people will do when MS take away the options to control your windows. They/Microsoft open security holes.....
What is a ps entry? Anyway, I created the rule dmex posted and now it still managed to create the icon placeholders but cannot fill them. When the directory C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy is renamed, even those placeholders stay away. Edge is of course still there as a system app. Now to test how the lock screen ads behave, I guess this trick blocks also them.