Fix store suggestions not getting disabled correctly for all users when running as other user (#642)

This commit is contained in:
Jeffrey
2026-06-21 01:56:28 +02:00
committed by GitHub
parent 6e4a616f1c
commit 908274a500
4 changed files with 144 additions and 30 deletions

View File

@@ -125,7 +125,10 @@ function ExecuteParameter {
}
Write-Host "> Disabling Microsoft Store search suggestions for user $(GetUserName)..."
DisableStoreSearchSuggestions
$storeDb = GetStoreAppsDatabasePathForUser -UserName (GetUserName)
if ($storeDb) {
DisableStoreSearchSuggestions -StoreAppsDatabase $storeDb
}
Write-Host ""
return
}
@@ -289,7 +292,10 @@ function Invoke-UndoFeatureAction {
}
Write-Host "> Re-enabling Microsoft Store search suggestions for user $(GetUserName)..."
EnableStoreSearchSuggestions
$storeDb = GetStoreAppsDatabasePathForUser -UserName (GetUserName)
if ($storeDb) {
EnableStoreSearchSuggestions -StoreAppsDatabase $storeDb
}
Write-Host ""
return
}

View File

@@ -50,10 +50,7 @@ function Test-FeatureApplied {
return (Test-StoreSearchSuggestionsDisabledForAllUsers)
}
$storeDbPath = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
if ($script:Params.ContainsKey('User')) {
$storeDbPath = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
}
$storeDbPath = GetStoreAppsDatabasePathForUser -UserName (GetUserName)
return (Test-StoreSearchSuggestionsDisabled -StoreAppsDatabase $storeDbPath)
}

View File

@@ -1,32 +1,58 @@
# Disables Microsoft Store search suggestions in the start menu for all users by denying access to the Store app database file for each user
<#
.SYNOPSIS
Disables Microsoft Store search suggestions in the start menu for all user profiles.
.DESCRIPTION
Iterates over every existing user profile and the Default user profile,
denying the EVERYONE group FullControl access to each user's Store app
database file (store.db). This prevents Windows from showing Store search
suggestions in the start menu search pane.
.EXAMPLE
DisableStoreSearchSuggestionsForAllUsers
#>
function DisableStoreSearchSuggestionsForAllUsers {
# Get path to Store app database for all users
$userPathString = GetUserDirectory -userName "*" -fileName "AppData\Local\Packages"
$usersStoreDbPaths = Get-ChildItem -Path $userPathString -ErrorAction SilentlyContinue
# Go through all users and disable start search suggestions
ForEach ($storeDbPath in $usersStoreDbPaths) {
DisableStoreSearchSuggestions ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db")
foreach ($storeDbPath in $usersStoreDbPaths) {
DisableStoreSearchSuggestions -StoreAppsDatabase ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db")
}
# Also disable start search suggestions for the default user profile
$defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
DisableStoreSearchSuggestions $defaultStoreDbPath
$defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default"
if ($defaultStoreDbPath) {
DisableStoreSearchSuggestions -StoreAppsDatabase $defaultStoreDbPath
}
}
# Disables Microsoft Store search suggestions in the start menu by denying access to the Store app database file
<#
.SYNOPSIS
Disables Microsoft Store search suggestions for a single user.
.DESCRIPTION
Denies the EVERYONE group FullControl access to the specified Store app
database file (store.db). If the file does not exist (e.g. on EEA systems
where Store app suggestions are absent by default), it creates the file
and its parent directory first to prevent Windows from recreating it later.
.PARAMETER StoreAppsDatabase
The full path to the user's store.db file.
.EXAMPLE
DisableStoreSearchSuggestions -StoreAppsDatabase "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
#>
function DisableStoreSearchSuggestions {
param (
$StoreAppsDatabase = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
[Parameter(Mandatory)]
[string]$StoreAppsDatabase
)
# Change path to correct user if a user was specified
if ($script:Params.ContainsKey("User")) {
$StoreAppsDatabase = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
}
$userName = [regex]::Match($StoreAppsDatabase, '(?:Users\\)([^\\]+)(?:\\AppData)').Groups[1].Value
if (-not $userName) { $userName = '<unknown>' }
# This file doesn't exist in EEA (No Store app suggestions).
if (-not (Test-Path -Path $StoreAppsDatabase))
@@ -51,31 +77,58 @@ function DisableStoreSearchSuggestions {
Write-Host "Disabled Microsoft Store search suggestions for user $userName"
}
<#
.SYNOPSIS
Re-enables Microsoft Store search suggestions in the start menu for all user profiles.
.DESCRIPTION
Iterates over every existing user profile and the Default user profile,
removing the deny ACL from each user's Store app database file (store.db)
and then deleting the file. This restores the default Windows behavior
where Store search suggestions appear in the start menu.
.EXAMPLE
EnableStoreSearchSuggestionsForAllUsers
#>
function EnableStoreSearchSuggestionsForAllUsers {
# Get path to Store app database for all users
$userPathString = GetUserDirectory -userName "*" -fileName "AppData\Local\Packages"
$usersStoreDbPaths = Get-ChildItem -Path $userPathString -ErrorAction SilentlyContinue
# Go through all users and re-enable start search suggestions
ForEach ($storeDbPath in $usersStoreDbPaths) {
EnableStoreSearchSuggestions ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db")
foreach ($storeDbPath in $usersStoreDbPaths) {
EnableStoreSearchSuggestions -StoreAppsDatabase ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db")
}
# Also re-enable for the default user profile
$defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
EnableStoreSearchSuggestions $defaultStoreDbPath
$defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default"
if ($defaultStoreDbPath) {
EnableStoreSearchSuggestions -StoreAppsDatabase $defaultStoreDbPath
}
}
<#
.SYNOPSIS
Re-enables Microsoft Store search suggestions for a single user.
.DESCRIPTION
Takes ownership of the specified Store app database file, removes any
EVERYONE deny FullControl ACL entries, and deletes the file. If the file
does not exist, no action is taken. Callers should handle the case where
the file is absent gracefully.
.PARAMETER StoreAppsDatabase
The full path to the user's store.db file.
.EXAMPLE
EnableStoreSearchSuggestions -StoreAppsDatabase "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
#>
function EnableStoreSearchSuggestions {
param (
$StoreAppsDatabase = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
[Parameter(Mandatory)]
[string]$StoreAppsDatabase
)
# Change path to correct user if a user was specified
if ($script:Params.ContainsKey("User")) {
$StoreAppsDatabase = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
}
$userName = [regex]::Match($StoreAppsDatabase, '(?:Users\\)([^\\]+)(?:\\AppData)').Groups[1].Value
if (-not $userName) { $userName = '<unknown>' }
@@ -120,6 +173,51 @@ function EnableStoreSearchSuggestions {
}
}
<#
.SYNOPSIS
Returns the full path to the Store app database file for a given user.
.DESCRIPTION
Resolves the path to the Microsoft Store app database (store.db) for the
specified username. When no username is provided or the value is empty,
falls back to the current user's local app data path via $env:LOCALAPPDATA.
.PARAMETER UserName
The target username. Pass an empty string or omit to resolve for the current user.
.EXAMPLE
GetStoreAppsDatabasePathForUser -UserName "Jeff"
.EXAMPLE
GetStoreAppsDatabasePathForUser -UserName "Default"
#>
function GetStoreAppsDatabasePathForUser {
param(
[string]$UserName
)
if ([string]::IsNullOrWhiteSpace($UserName)) {
return "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
}
return (GetUserDirectory -userName $UserName -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false)
}
<#
.SYNOPSIS
Tests whether Store search suggestions are disabled for a single user.
.DESCRIPTION
Checks whether the specified store.db file has an EVERYONE deny
FullControl ACL entry applied. Returns $true if the deny rule is present,
$false otherwise (including when the file or directory does not exist).
.PARAMETER StoreAppsDatabase
The full path to the user's store.db file.
.EXAMPLE
Test-StoreSearchSuggestionsDisabled -StoreAppsDatabase "C:\Users\Jeff\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db"
#>
function Test-StoreSearchSuggestionsDisabled {
param(
[Parameter(Mandatory)]
@@ -157,6 +255,19 @@ function Test-StoreSearchSuggestionsDisabled {
return $false
}
<#
.SYNOPSIS
Tests whether Store search suggestions are disabled for all user profiles.
.DESCRIPTION
Collects the store.db paths for all existing user profiles and the Default
user profile, then verifies that every one of them has the EVERYONE deny
FullControl ACL applied. Returns $true only if ALL paths pass the check.
Returns $false immediately if any user's store.db is not disabled.
.EXAMPLE
Test-StoreSearchSuggestionsDisabledForAllUsers
#>
function Test-StoreSearchSuggestionsDisabledForAllUsers {
$paths = @()
@@ -166,7 +277,7 @@ function Test-StoreSearchSuggestionsDisabledForAllUsers {
$paths += ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db")
}
$defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false
$defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default"
if ($defaultStoreDbPath) {
$paths += $defaultStoreDbPath
}

View File

@@ -300,7 +300,7 @@ if (-not $script:WingetInstalled -and -not $Silent) {
. "$PSScriptRoot/Scripts/Features/RegistryBackupValidation.ps1"
. "$PSScriptRoot/Scripts/Features/RestoreRegistryApplyState.ps1"
. "$PSScriptRoot/Scripts/Features/RestoreRegistryBackup.ps1"
. "$PSScriptRoot/Scripts/Features/DisableStoreSearchSuggestions.ps1"
. "$PSScriptRoot/Scripts/Features/StoreSearchSuggestions.ps1"
. "$PSScriptRoot/Scripts/Features/TelemetryScheduledTasks.ps1"
. "$PSScriptRoot/Scripts/Features/WindowsOptionalFeatures.ps1"
. "$PSScriptRoot/Scripts/Features/ImportRegistryFile.ps1"