Overview

In Deep Freeze Mac, it is possible to enable the "Restart instead of Log Out" switch which will allow the Mac to automatically restart when you log out of your account when Deep Freeze is enabled.  However, if the log out delay takes an extended amount of time, the Mac will finish the log out sequence but the reboot will not occur.

sudo defaults write /Library/Preferences/com.faronics.dfxcontrol rebootDelaySeconds -integer 15

This problem generally occurs on workstations running an nVidia nForce based motherboard chipset. nForce IDE drivers report the characteristics of devices attached to the IDE controllers in a certain way that prevents Deep Freeze from functioning properly.
nForce IDE drivers with version numbers earlier than v6.66 "WHQL" will display this type of behavior. To resolve this issue, it is recommended that the workstation be updated to the latest version of the nForce IDE drivers. If updated versions of the IDE drivers are not available for your specific platform, remove the IDE drivers for Deep Freeze to function properly.

In some cases, workstations may be configured with an IDE or SATA raid controller. In such a scenario, updating the driver may require that the operating system be re-loaded. Also, the updated driver should be used to allow Windows to see the RAID array during Windows installation.

Please note that if updated SATA / IDE RAID drivers are not available, the system will not be able to run Deep Freeze when the computer boots from the SATA RAID controller. To resolve this issue, configure your computer with the hard disks connected to a non-RAID controller that can be seen by Windows without the use of the SATA RAID Driver.

This occurs due to a security feature of Deep Freeze. If the Deep Freeze Enterprise Console detects that it has been moved to a new computer, it will re-request authorization to run. This is to prevent a rogue Enterprise Console from taking control of your computers. In some cases, computers with multiple network cards (such as both a wired and a wireless connection) or computers with a network card that has been replaced can generate this type of behavior even if the Enterprise Console is not moved to a new computer.

In Deep Freeze Enterprise 6.3 or later, a custom Enterprise Console can be generated that allows the activation option to be disabled using the Deep Freeze Console Customizer that is included in the downloadable .zip file of Deep Freeze Enterprise.

Disable Deep Freeze before uninstalling it.

To disable Deep Freeze:

1. Hold down the shift key and double-click the Deep Freeze icon. Alternatively, you can press CTRL+ALT+SHIFT+F6. 
2. Enter your password and click OK.
3. If you have not yet entered a password you should be able to click OK without entering a password.
4. The Boot Options dialog is displayed. Select "Boot Thawed" and click OK. This will disable Deep Freeze on the next reboot.
5. Reboot your computer. After the computer reboots, you are ready to uninstall Deep Freeze.

To uninstall:

1. Locate the installation file you used to install Deep Freeze on your computer. By default, the name of this file is called "DF5Std.exe" for versions 5.X and "DF6Std.exe" for versions 6.X.
2. Run the installation file (DF5Std.exe or DF6Std.exe).
3. Select the option to "Uninstall"

Deep Freeze is uninstalled and your computer is rebooted.

Deep Freeze is compatible with nearly all hardware and software available on the market today. The product is tested extensively to ensure that no issues are found during day to day use. A list of known hardware and software issues are listed below. If you have issues that you suspect may be related to hardware/software incompatibilities not listed below, please contact Faronics Technical Support for further assistance.

Card readers

Some USB card readers appear to the operating system as hard disk drives. In some cases, these card readers can cause issues once Deep Freeze is installed. You can use any of the following workarounds:

• Replace the drivers used by the card reader with standard Windows drivers. This may remove any special features found in the card reader.
• Ensure that media is not present in the card reader when Deep Freeze is installed.
• Disconnect the card reader when Deep Freeze is being installed.

nVidia  Motherboard Chipset Drivers

Older versions of the nForce IDE drivers might cause issues with some versions of Deep Freeze. These drivers do not identify storage devices and can result in minor issues or serious system problems.

Use newer versions of Deep Freeze (6.3 or higher) and updated versions of the nVidia ForceWare drivers to avoid these issues. If you have problems with a nForce based motherboard install the updated nForce IDE drivers and run Deep Freeze 6.3 or higher.

The latest nVidia drivers can be found at: http://www.nvidia.com

Roxio EZ-CD Creator

Some versions of Roxio’s EZ-CD Creator might remove entries from the registry that are required for the proper operation of Deep Freeze. If you encounter problems running Deep Freeze on a computer that has Roxio installed, check the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
Keyname: UpperFilters
Value: PartMgr

Editing the system registry in this area can be hazardous. If you have concerns about editing the system registry, please contact the Faronics Technical Support team for assistance.

If the above value is not listed in the registry, problems might occur when installing Deep Freeze. If values other that PartMgr are listed, they should not be removed. Removing the value in the registry can result in problems with the workstation that may not be recoverable. If you have any concerns about editing the registry, please contact Faronics Technical Support for assistance.

There are no backdoor passwords to Deep Freeze. Faronics cannot recover lost, forgotten, changed, or otherwise misplaced passwords or Customization Codes.

For Deep Freeze Enterprise:

Using our unique One Time Password system, Deep Freeze Enterprise Administrators can generate One Time Passwords (OTP). To generate an OTP:

1. Open the Deep Freeze login dialog on the workstation for which you need to generate the OTP.
2. Write down the Token code which is located at the top of the login dialog.
3. Open the Deep Freeze Configuration Administrator and click the One-Time Passwords tab or open the Enterprise Console and click on Tools > One Time Password.
4. Enter the code you recorded into the Token field and click Generate OTP. Another code will appear in the OTP field. The second code is the password for the workstation.

The newly generated One-Time Password can then be used to disable, uninstall, and re-install Deep Freeze with the correct password.

For Deep Freeze evaluations (with no License Key entered):

1. Restart the computer.
2. Enter the system BIOS settings.
3. Advance the clock by at least 60 days and then restart your computer. This will disable the software.
4. After the system has started, run the Deep Freeze installation program to uninstall Deep Freeze.
5. After the computer reboots, re-enter the BIOS and reset the clock to the current date. You can then re-install Deep Freeze after restarting.

If you are running a licensed copy of Deep Freeze Standard submit a ticket and we can look into the issue further to see if there are any other options avalalbe to assist you.

The Customization Code is a unique key provided by the customer. It makes every installation of the software unique and prevents a rogue user from taking control of the workstations running Deep Freeze using their own copy of administrative tools. A workstation will only communicate with a Console and can therefore only be controlled by a Console if the workstation and the Console have matching Customization Codes. The One Time Password Generation System will only generate a valid One Time Password (OTP) if the workstation and the source of the OTP Generator (Configuration Administrator or Enterprise Console) have matching Customization Codes.

The Customization Code needs to be provided only to users trusted to manage all aspects of the workstations. With a valid Customization Code, users can remove Deep Freeze from any protected workstation, whether or not they possess a valid password. Conversely, a lost Customization Code can result in serious issues when attempting to upgrade an existing installation of Deep Freeze and can result in a large amount of work to recover from.

Faronics cannot recover a Customization Code that has been lost or misplaced.

Overview

This document describes design aspects of User Defined Groups filtering enhancement, which was introduced in version 8.20 of Deep Freeze Enterprise Console.

Introduction

In Deep Freeze Console versions below 8.20 there was a User Defined Group filter option, that was solely based on Workstation name, where “?’ and “*” wildcards could be used. In version 8.20 User Defined Groups have been enhanced, allowing to use filters based on workstation statuses shown in other columns on Deep Freeze Console. When workstation status in specific column(s) changes, the filter dynamically adds or removes workstations from filtered Groups based on the filter criteria.

Group filters description

Group filters can be created based on following values appeared in the Enterprise Console columns:

• Workstation

• Workgroup

• IP Address

• Status

• Configuration

• Configuration date

• Installation File

• Version

• Operating System

• MAC Address

• Login Name

Depending on the Column, the filter can use various types of comparisons:

• Equals

• Not Equal To

• Less Than

• Less Then or Equal To

• Greater Than

• Greater Then or Equal To

• Regular Expression

Group filter now allows the addition of a second filtering rule combined with first rule using OR/AND logic.

Filter Column types and values

Internally Column values split into following types:

String type. In this case the Group filter compares against the plain string value entered in tje User Group Add/Edit dialog. The following columns have string type values:

• Workstation

• Workgroup

• IP Address

• Status

• Configuration

• Installation File

• Operating System

• MAC Address

• Login Name

The comparison type can be “Equal”, “Not Equal To” or “Regular Expression”. For “Equal”, “Not Equal To” comparisons the value string can use “?” and “*” wildcards the same as in previous versions. The status column filter has only “Equals” and “Not Equal To” comparisons and cannot use wildcards since the value string is selected from a drop-down list of pre-defined Status values specific to the current UI language set in the Deep Freeze Console. When switching Console UI language, the “Status” Column filter does not update with values in corresponding language. In this case the filer must be re-created or edited with new corresponding values of a given language.

Numeric type. The version column is of a numeric type. The comparison type can be “Equals”, “Not Equal To”, “Less Than”, “Less Then or Equal To”, “Greater Than” or “Greater Then or Equal To”. Since a higher version always has higher build number, internally the filter compares just against the build number (last four digits in the version number) and ignores the rest of digits which includes major/minor version number and product code. Therefore, it is not necessary to provide the full version number in a value string, but a four digits build number only – it will have same effect as providing full version. As for a numeric type the filter will not recognize wildcards.

Date type. The Configuration Date column is of a date type. The comparison type can be “Equals”, “Not Equal To”, “Less Than”, “Less Then or Equal To”, “Greater Than” or “Greater Then or Equal To”. The filter value is entered using a date picker and internally stored as a numeric value counting a number of days since 1900. Since the Configuration Date filter is internally represented with numeric value, it is not affected by changing Console UI language or system date format.

Blank values in Group filters

In some cases the specific column may show blank for the given workstation. This may happen, for example, when the older version of workstation does not support a specific status, since it was introduced in later versions (eg. Operating System, Login Name). For Group filters the blank column is treated as a “blank” value. If it is required to use a filter based of the blank value criteria, the value field in the Group Add/Edit dialog must be left blank and Comparison type must be set to “Equals” or “Not Equal To”.  Other comparison types are not applicable to a blank value.

Console Upgrade and Exporting User Defined Group

During an upgrade from previous versions of Deep Freeze Console to version 8.20 onwards, User Defined Groups will be converted to the new format. Filtered groups from previous versions will be represented with a new filter based on Workstation column with “Equals” comparison and the same string value as it was in old Group including wildcards. Therefore the behavior of converted filtered Groups of previous versions remains the same.

Similarly, importing Groups of previous versions will correctly convert them into the new format of version 8.20.

However, Groups are not backwards compatible. Therefore, when user would downgrade Console to previous version or import Groups into older version of Console, the Group structure will not be shown in Deep Freeze Console.

Remote Console setup

When remotely connecting Console of version 8.20 onwards to Deep Freeze Server Service of version 8.12 and below, it will correctly pull the Group structure from Server Service and convert to new format similarly to Group importing.

However, when remotely connecting Console of version 8.12 and below to Deep Freeze Server Service of version 8.20 onwards, it will not show Groups due to backwards incompatibility mentioned above.

Overview

When running Windows 8 users who have configured the operating sytstem to be protected  by Deep  Freeze may find that the operating system will not allow them to boot an operating system other than the default one. This occurs due to changes in the Windows 8 boot loader that effectively require Deep Freeze to protect the operating system at this stage preventing users from changing the boot device.

Solution

This can be resolved by setting the computer to use the older style of boot loader by running the following commnad;

 bcdedit /set {default} bootmenupolicy legacy

To revert this change run the command below;

    bcdedit /set {default} bootmenupolicy standard

Overview

This document will detail the recommended practice for configuring a 3^rd party antivirus solution to update properly when Deep Freeze is protecting a workstation.

Introduction

Deep Freeze provides administrators with a way to protect workstations from changes by rolling back any change made to the computer at reboot. Deep Freeze does not make any distinction between changes that are malicious, or changes that are desired on a workstation and this can pose some challenges in managing 3^rd party products that require updates to occur on a periodic basis.

The most common interaction that we find on customers workstations is between antivirus software and Deep Freeze. Antivirus software by design requires periodic updates to maintain it’s effectiveness on a client workstation, and problems may arise unless steps are taken to ensure that the antivirus software can perform updates in a timely manner.

Scheduled are used to configure the antivirus software to update in a timeframe where Deep Freeze will not be protecting the workstations. This has the advantage of being one of the less difficult methods to configure but does require that the workstations have a period of time where they will not be used and can be configured to update automatically. 

Configuring Trend Micro Business Security to update with Deep Freeze

Trend Micro's Business Security supports the use of a command line function that can be used to trigger antivirus updates when the workstations enter into maintenance mode. To configure Deep Freeze to trigger Trend Micro to update when maintenance mode starts follow the process below:

Deep Freeze 7.5 or Higher

11. Install the updated workstation install file on your workstations.

This document will detail the suggested best practices for the running of Windows Updates on a workstation protected by Deep Freeze.

Faronics Deep Freeze includes the ability to automate the process of applying updates to protected workstations through the use of a scheduled maintenance period on the client workstations. This will automatically boot the computer into a non-protected (Thawed) state and begin the process of downloading the applicable updates to the client workstations at a time designated by the administrator of the systems. To ensure that updates are delivered in a timely manner there are a number of options that Faronics recommends be configured on the client systems.

Deep Freeze handles the process of installing updates to Windows by interfacing with the Windows Update API during a scheduled maintenance period. This scheduled maintenance period will disable Deep Freeze automatically and install and applicable updates on the client computers. The scheduled maintenance tasks are configured in different locations depending on the version of Deep Freeze that you are using;

• Deep Freeze Enterprise – In the Deep Freeze Configuration Administrator on the Workstation Tasks page.
• In Deep Freeze Cloud – In the Deep Freeze page of the policy settings for your workstation under the Workstation Tasks page.
• Deep Freeze Standard with Cloud Connector – In the Deep Freeze page of the policy settings for your workstation under the Workstation Tasks page.

The maintenance events should be configured for a timeframe where the workstations are expected to be online, but not required by the users. The table below lists the recommended settings for running Windows Updates;

Note – for 1:1 deployments or situations where a system may not be online when the scheduled maintenance is required administrators will need to either arrange for a time when the machines can be brought online, either by the end user or administrative staff, for purposes of applying updates.

Update Frequency

Faronics recommends that customers install updates on a frequency that fits with their patch management processes and any regulatory requirements that they may be subject to. In the event that these criteria do not exist we suggest configuring so that updates be deployed in two stages with one smaller group of machines receiving updates immediately once they are approved, and a second group of the remaining machines having updates installed after they have been in place on the first group of machines without issue for a period of time. This allows the smaller group of machines to provide advance warning of any problems with the update process without putting an entire enterprise at risk of issues due to problems with a bad update.

Advanced Settings

Deep Freeze incorporates a number of Windows Update specific settings on the Windows Update screen of the Deep Freeze Configuration Administrator and the Windows Update page of the Deep Freeze settings in the Deep Freeze Cloud Policy. These settings are listed below along with our recommendations.

Windows Software Update Services

WSUS is a component of the Windows Server operating system that can be added to an existing server through the Add Roles / Features wizard in the Server Manager on Server 2008 or Server 2012. When updates are downloaded through the Microsoft Update Service Deep Freeze will only install updates that have been marked as Critical or Security updates. When using a WSUS server a greater degree of control over the updates and how they are provisioned can be exercised as updates can be approved or withheld on machines according to the wishes of the systems administrators.

Windows 10 Specific Concerns

Windows 10 has greatly reduced the number of options that administrators have for the application of updates to the client workstations in some editions of Windows. Deep Freeze will still function and control the update process on the client workstations however Windows 10 may change the type of updates delivered to the client workstations depending on what version of Windows is installed and if the administrators are using a WSUS server. Customers who wish to maintain control of the update process should investigate using the Long Term Service (LTS) branch of Windows 10 Enterprise and a WSUS server in their environment.

Customers should consider selecting the option to Defer Upgrades in the Windows 10 Update settings if they are running the Professional or Enterprise versions of Windows as this will prevent the installation of feature upgrades from happening automatically. However, this will require manual intervention at some point as Microsoft will stop pushing updates to older editions of Windows until the upgrades are installed.

While the authors of this document believe that these upgrades will take a similar form to the upgrade from Windows 8 to Windows 8.1 until Microsoft releases an update of this nature selecting this option will provide administrators the ability to assess these upgrades before deployment for any potential impact.

Updates using 3^rd party tools.

For customers who are using 3^rd party tools to manage updates care should be taken to ensure that updates can be scheduled during a time when Deep Freeze is thawed to prevent conflicts. Due to the nature of Deep Freeze it is not recommended that more than one application attempt to control the update process. If a 3^rd party platform is to be used Administrators should ensure that the thawed period is long enough to ensure that all the tasks that need to be executed (including any required reboots) can be executed without being interrupted by the computer returning to a frozen state.

Faronics provides toll free technical support via phone at the following numbers;

• Telephone (USA/Canada): 1-800-943-6422 x 1
• Telephone (International): +1-604-637-3333 x 1

Support can be reached via email to;

• support@faronics.com

Additionally FAQ's and the status of current support tickets can be checked on the Faronics Portal at:

• support.faronics.com

The support department is avaliable from 7am - 5pm Pacific Time, Monday through Friday.

Overview

This document will detail guidelines for configuring Microsoft's BgInfo to display Deep Freeze client information.



Introduction

Deep Freeze provides administrators with a solution to protect endpoints from changes by removing all changes on protected areas on a system restart.

By design, Deep Freeze does not make any distinction between changes that are malicious, or changes that are desired on a workstation; This may pose some challenges in managing dynamic resources which you may want to retain after a system restart.

With new customers of Deep Freeze, we sometimes see system administrators applying changes which they'd like to apply on a target workstation which is in a Frozen state, only to have these changes removed after a workstation restart.

Although Deep Freeze's status can be viewed (by default) by reviewing the local system notification area (near the Window clock), there are some limitations which Windows may introduce: Small, 16 by 16 pixel, icons or icons not being displayed in the system notification area.

In this document, we're going to walkthrough leveraging a third party utility to announce the status of a Deep Freeze workstation.

Overview

Details about Deep Freeze can be polled using several resources. Here are some examples on a 64-bit deployment with modern Deep Freeze deployments.

Deep Freeze's (Frozen | Thawed | Seeded) status?
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Faronics\Deep Freeze 6\DF Status"

Deep Freeze's version information (in the form of 0.00.000.0000)?
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Faronics\Deep Freeze 6\DF Version"

Configuring BgInfo

BgInfo can be configured to display workstation information as a part of customized wallpaper.

BgInfo also includes details to add custom fields, to analyze resources available on local workstations to display custom information.

Using details listed above in the overview, BgInfo can display information on Deep Freeze and other Faronics resources.

Deep Freeze 8.31 made several enhancements to license activation to curb piracy and over-deployment issues. Moving forward, the workstation must connect either via the local console or directly to the Faronics Activation server to authenticate the license as and when an Internet connection is available. Failure to activate the license for more than 30 days will expire the product and prevent the workstation from rebooting into a Frozen state.

The workstation will attempt to automatically activate the license if an activation is pending or if it has previously failed to activate. However, both the Deep Freeze Enterprise Console and the workstation has the ability to manually activate the workstation license via an online or offline options.

Automatic Activation

The license is automatically activated on all workstations communicating with the Enterprise Console. If a workstation is offline (shut down or disconnected from the network), the license is activated when the workstation communicates with the Enterprise Console. The workstation will connect automatically to Faronics Activation Server if the Enterprise Console does not activate the workstation within 24 hours after the license key is applied.

Manual Activation

If automatic activation does not activate the workstation license, the Deep Freeze administrator can use the manual activation option by navigating to the Licensing dialogue in the console or client interface.

Two options are available:

• Activate Online - activate Deep Freeze workstation license over the Internet. The computer must be connected to the Internet to Activate Online.
• Activate Offline - activate the Deep Freeze workstation license by contacting Faronics Activation Support via email or phone. Create an Offline Activation Request File and send the file to activation@faronics.com to receive an Activation Response File.

For more information, refer to the Licensing section of the Deep Freeze Enterprise User Guide available at www.faronics.com/assets/DFE_Manual.pdf 

Resolving Activation Problems

If your activation is failing or if you believe you have been a victim of licensing piracy, please contact Faronics Activation Support at 604-637-8271 or 1-800-943-6422 in North America or send us an email to activation@faronics.com <mailto:activation@faronics.com> .

Overview

This document describes the design aspects and usage of Proxy Server configuration in Deep Freeze Enterprise versions 8.32 onwards.

1.   Introduction

Starting from version 8.32 Deep Freeze Enterprise has introduced the support of Proxy Server setup for network environments, where Internet communication goes through Web Proxy Server. Those Deep Freeze features, which require communication with Faronics Web resources, will be able to handle Proxy Server. It affects only communication Deep Freeze to the Web, while communication between Deep Freeze Console and client is not affected by Proxy settings and will always use direct connection over LAN/WAN.

Deep Freeze supports Forwarding (local) Proxy Server setup as well as Public Proxy Servers.

2.   Proxy Server Configuration in Deep Freeze Enterprise Console 

Proxy Server Configuration in Deep Freeze Enterprise Console is configured in Tools->Network Configuration->Proxy Server. Deep Freeze will explicitly use those settings disregarding Proxy settings, which may be configured in system’s LAN configuration (Internet Options settings).

When the Proxy Server is configured in Deep Freeze Console, following features of the Console will use Proxy configuration:

• -       License Online Activation
• -       Cloud Connector
• -       Announcements
• -       Check for Updates

License auto-activation is supported by Console’s Server Service, where the Server Service will use Proxy setting configured in its local Console. For remote Console setup, where Console and Server Service are running on different computers, it still requires to setup Proxy Server configuration using local Console on both computers.

When Proxy Server connection fails, Deep Freeze Console or Server Service will also attempt direct connection to Internet.

3.   Proxy Server Configuration in the Deep Freeze client

Unlike Deep Freeze Console, the Deep Freeze client cannot be explicitly configured with Proxy settings and uses Proxy settings of local system’s LAN configuration (Internet Options settings). Console’s Proxy configuration does not take effect on connected clients.

Currently, the only feature of Deep Freeze client which may require Proxy configuration is online activation.

Manual online activation (initiated through Deep Freeze workstation UI) is maintained by user specific process, and therefore it will recognize either user-specific or system-specific LAN configuration, where system-specific LAN configuration takes precedence.

The system LAN configuration is stored in:

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings

The user LAN configuration is configured in Internet Options of the current user and is stored in:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Auto-activation of Deep Freeze client is maintained by system process, and therefore will not recognize user-specific LAN configuration, but system-specific only.

When Proxy Server connection fails, Deep Freeze client will also attempt direct connection to Internet.

Overview

As customers migrate from Windows 7 to Windows 8 and Windows 10 they may notice an increase in the time taken for a system to log a user into the computer for the first time. On item that does contributes to the increase in login time is the installation of provisioned Windows Applications into the users profile.

Provisioned Windows Applications

Windows 8 and Windows 10 introduced a new type of Windows Application, commonly referred to as Modern (or Metro) applications. A number of Modern UI applications come preinstalled with Windows 8 and Windows 10.

Modern Applications are installed in a different manner that associates them with the user profile that they were initially purchased or installed under, as such the pre-installed Modern UI applications are installed when each new user logs into the system for the first time. This installation process can extend the time that it takes for a user to log into the computer for the first time significantly.

Removing Modern UI applications.

Modern UI applications can be installed after the user logs in, however as each new user logs in the applications that have been previously provisioned as part of the system will be reinstalled into each user. To prevent this the Modern UI applications, have to be removed using a specific PowerShell command that removes them from the list of applications automatically installed for the user.

Remove-AppXProvisionedPackage –Online –PackageName <PACKAGENAME>

A list of applications provisioned on the local machine can be listed by running the command below;

Get-AppXProvisionedPackage –Online | Select PackageName

Removing the Modern UI Applications can reduce the time taken for new user creation by removing individual programs that will not be used in your environment, for example to remove The Weather Application you would run the command;

Remove-AppXProvisionedPackage –Online –PackageName Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe

To remove all the Modern UI applications from the system you can run the following command;

Get-AppXProvisionedPackage –Online | Remove-AppXProvisionedPackage –Online

This will remove all the Modern UI applications from the system, and will prevent them from being installed as new users log into the system, it will however remove the Windows Store Application and this may prevent you from being able to re-install the applications later on without reinstalling the client OS.

Some additional applications such as games and other cloud content are installed by the operating system after the creation of the user profile, this can be disabled by creating the following registry key on your systems;

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent
Key: DisableWindowsConsumerFeatures
Type: DWORD (32-bit) Value
Value: 1

This will prevent the installation any remaining applications that would be promoted through the Windows Store.