How to Run an Unsigned PowerShell Script at Startup with Group Policy
- Last updated: Nov 10, 2024

In a company, when administering a large number of machines, it quickly becomes essential to be able to run PowerShell scripts on users' computers.
Here, I'll show you how to run an unsigned PowerShell script at startup on domain-joined computers, in order to remove built-in applications.
Create a .bat file
Create a remove_appx.bat file and put it in the NETLOGON share folder.

@echo off
REM Delete the PowerShell script
del c:\windows\temp\remove_appx.ps1
REM Copy the PowerShell script to the Temp folder
copy \\shebangthedolphins.net\netlogon\SCRIPTS\remove_appx.ps1 c:\windows\temp\ /Z /Y
REM Run the PowerShell script
%windir%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File c:\windows\temp\remove_appx.ps1
REM Delete the PowerShell script
del c:\windows\temp\remove_appx.ps1
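- What will this .bat file do?
  - Delete any copy of the PowerShell script left over from a previous run
  - Copy the PowerShell script to the Temp folder
  - Run the PowerShell script with -ExecutionPolicy Bypass, which is what allows the unsigned script to run
  - Delete the PowerShell script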
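The same copy, run and delete sequence as an added example (not code from the original article): it stages the script in a freshly created folder restricted to SYSTEM and Administrators instead of C:\Windows\Temp, which standard users can write to by default, and refuses to run the script unless its SHA-256 matches a pinned value. The function names, the ProgramData staging location and the hash placeholder are assumptions.

```powershell
# Added example, not from the original article. Run elevated (startup scripts run as SYSTEM).
$Source         = '\\shebangthedolphins.net\netlogon\SCRIPTS\remove_appx.ps1'  # path used in the article
$ExpectedSha256 = '<SHA256-OF-APPROVED-SCRIPT>'  # placeholder: pin the hash of the reviewed script

function New-LockedStagingDirectory {
    # Hypothetical helper: fresh, unpredictably named folder under ProgramData (assumed location).
    $path = Join-Path $env:ProgramData ('stage-' + [guid]::NewGuid().ToString())
    $acl  = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)        # protect the DACL, keep no inherited ACEs
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {     # SYSTEM, BUILTIN\Administrators
        $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                    $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    New-Item -ItemType Directory -Path $path -ErrorAction Stop | Out-Null   # fails if it already exists
    Set-Acl -LiteralPath $path -AclObject $acl -ErrorAction Stop
    return $path
}

function Invoke-VerifiedStartupScript {
    # Hypothetical helper: copy, verify, run, clean up.
    param([string]$Source, [string]$ExpectedSha256)
    $stage = New-LockedStagingDirectory
    try {
        $local = Join-Path $stage (Split-Path -Leaf $Source)
        Copy-Item -LiteralPath $Source -Destination $local -ErrorAction Stop
        $actual = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {             # string -ne is case-insensitive
            throw "Hash mismatch for $Source (got $actual); script not run."
        }
        # Same interpreter and switches as the .bat file, plus -NoProfile.
        & "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe" `
            -NoProfile -ExecutionPolicy Bypass -File $local | Out-Host
        if ($LASTEXITCODE -ne 0) { Write-Warning "Script exited with code $LASTEXITCODE" }
    }
    finally {
        # Always remove the staged copy, whether or not the script ran.
        Remove-Item -LiteralPath $stage -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Throws until the placeholder above is replaced with the real hash.
Invoke-VerifiedStartupScript -Source $Source -ExpectedSha256 $ExpectedSha256
```

The pinned hash only helps if the launcher itself is stored where the people who can edit remove_appx.ps1 cannot also edit the launcher.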
Create PowerShell script file
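Next, we need to create our remove_appx.ps1 file in the NETLOGON share folder.
Each line filters on the package name with -match, which is a case-insensitive regular-expression match, so a short pattern such as "hub" or "xbox" removes every package whose name contains that string.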

Set-Content -Path 'C:\std_rocks.txt' -Value 'OK' #check if the script has been executed
Get-AppxPackage -AllUsers | ? { $_.Name -match "3dbuilder" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "windowsalarms" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "windowscommunicationsapps" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "windowscamera" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "officehub" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "skypeapp" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "getstarted" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "zunemusic" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "windowsmaps" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "solitairecollection" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "bingfinance" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "zunevideo" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "bingnews" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "people" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.People" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "windowsphone" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "bingsports" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "soundrecorder" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "bingweather" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "xboxapp" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "MixedReality" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "hub" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "YourPhone" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.OneConnect" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.XboxGamingOverlay" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "twitter" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "candycrush" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "gethelp" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "messaging" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "3Dviewer" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "LinkedInforWindows" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.RemoteDesktop" } | Remove-AppxPackage -AllUsers
#XBOX
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.Xbox.TCUI" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.XboxGameOverlay" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.XboxIdentityProvider" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "Microsoft.XboxSpeechToTextOverlay" } | Remove-AppxPackage -AllUsers
Get-AppxPackage -AllUsers | ? { $_.Name -match "xbox" } | Remove-AppxPackage -AllUsers
foreach ($app in $(Get-AppxPackage -AllUsers | ? { $_.Name -match "xbox" })) { $app | Remove-AppxPackage -AllUsers }
Create a Group Policy Object
- Open the Active Directory Users and Computers console.
- Move the computers to an OU (Organizational Unit).
- Open the Group Policy Manager.
- Create a GPO.
- Give the new GPO a name.
- Edit the GPO.
- Go to Computer Configuration > Policies > Windows Settings > Scripts > Startup > Right click > Properties.
- Stay on the Scripts tab, and click on the Add... button.
- Click on the Browse… button.
- Navigate to the NETLOGON share and select the .bat script.
- Click on OK.

From the user computer
Let's check that the policy has been applied.
- First restart the computer, then open an administrator command prompt and run this command:
C:\WINDOWS\system32>gpresult /z /scope computer
- In the Startup Scripts section, check that the GPO name is visible.
- You can also check that the file c:\std_rocks.txt has been created. It is written by the first line of the PowerShell script: Set-Content -Path 'C:\std_rocks.txt' -Value 'OK'
