From 908274a500b65df73229cd3d042ac48b3229f1c7 Mon Sep 17 00:00:00 2001 From: Jeffrey <9938813+Raphire@users.noreply.github.com> Date: Sun, 21 Jun 2026 01:56:28 +0200 Subject: [PATCH] Fix store suggestions not getting disabled correctly for all users when running as other user (#642) --- Scripts/Features/ExecuteChanges.ps1 | 10 +- Scripts/Features/GetCurrentTweakState.ps1 | 5 +- ...estions.ps1 => StoreSearchSuggestions.ps1} | 157 +++++++++++++++--- Win11Debloat.ps1 | 2 +- 4 files changed, 144 insertions(+), 30 deletions(-) rename Scripts/Features/{DisableStoreSearchSuggestions.ps1 => StoreSearchSuggestions.ps1} (52%) diff --git a/Scripts/Features/ExecuteChanges.ps1 b/Scripts/Features/ExecuteChanges.ps1 index 8309fe9..1981f1f 100644 --- a/Scripts/Features/ExecuteChanges.ps1 +++ b/Scripts/Features/ExecuteChanges.ps1 @@ -125,7 +125,10 @@ function ExecuteParameter { } Write-Host "> Disabling Microsoft Store search suggestions for user $(GetUserName)..." - DisableStoreSearchSuggestions + $storeDb = GetStoreAppsDatabasePathForUser -UserName (GetUserName) + if ($storeDb) { + DisableStoreSearchSuggestions -StoreAppsDatabase $storeDb + } Write-Host "" return } @@ -289,7 +292,10 @@ function Invoke-UndoFeatureAction { } Write-Host "> Re-enabling Microsoft Store search suggestions for user $(GetUserName)..." - EnableStoreSearchSuggestions + $storeDb = GetStoreAppsDatabasePathForUser -UserName (GetUserName) + if ($storeDb) { + EnableStoreSearchSuggestions -StoreAppsDatabase $storeDb + } Write-Host "" return } diff --git a/Scripts/Features/GetCurrentTweakState.ps1 b/Scripts/Features/GetCurrentTweakState.ps1 index 498ffb8..4aaa483 100644 --- a/Scripts/Features/GetCurrentTweakState.ps1 +++ b/Scripts/Features/GetCurrentTweakState.ps1 @@ -50,10 +50,7 @@ function Test-FeatureApplied { return (Test-StoreSearchSuggestionsDisabledForAllUsers) } - $storeDbPath = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" - if ($script:Params.ContainsKey('User')) { - $storeDbPath = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false - } + $storeDbPath = GetStoreAppsDatabasePathForUser -UserName (GetUserName) return (Test-StoreSearchSuggestionsDisabled -StoreAppsDatabase $storeDbPath) } diff --git a/Scripts/Features/DisableStoreSearchSuggestions.ps1 b/Scripts/Features/StoreSearchSuggestions.ps1 similarity index 52% rename from Scripts/Features/DisableStoreSearchSuggestions.ps1 rename to Scripts/Features/StoreSearchSuggestions.ps1 index adb1780..2633ba3 100644 --- a/Scripts/Features/DisableStoreSearchSuggestions.ps1 +++ b/Scripts/Features/StoreSearchSuggestions.ps1 @@ -1,32 +1,58 @@ -# Disables Microsoft Store search suggestions in the start menu for all users by denying access to the Store app database file for each user +<# + .SYNOPSIS + Disables Microsoft Store search suggestions in the start menu for all user profiles. + + .DESCRIPTION + Iterates over every existing user profile and the Default user profile, + denying the EVERYONE group FullControl access to each user's Store app + database file (store.db). This prevents Windows from showing Store search + suggestions in the start menu search pane. + + .EXAMPLE + DisableStoreSearchSuggestionsForAllUsers +#> function DisableStoreSearchSuggestionsForAllUsers { # Get path to Store app database for all users $userPathString = GetUserDirectory -userName "*" -fileName "AppData\Local\Packages" $usersStoreDbPaths = Get-ChildItem -Path $userPathString -ErrorAction SilentlyContinue # Go through all users and disable start search suggestions - ForEach ($storeDbPath in $usersStoreDbPaths) { - DisableStoreSearchSuggestions ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db") + foreach ($storeDbPath in $usersStoreDbPaths) { + DisableStoreSearchSuggestions -StoreAppsDatabase ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db") } # Also disable start search suggestions for the default user profile - $defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false - DisableStoreSearchSuggestions $defaultStoreDbPath + $defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default" + if ($defaultStoreDbPath) { + DisableStoreSearchSuggestions -StoreAppsDatabase $defaultStoreDbPath + } } -# Disables Microsoft Store search suggestions in the start menu by denying access to the Store app database file +<# + .SYNOPSIS + Disables Microsoft Store search suggestions for a single user. + + .DESCRIPTION + Denies the EVERYONE group FullControl access to the specified Store app + database file (store.db). If the file does not exist (e.g. on EEA systems + where Store app suggestions are absent by default), it creates the file + and its parent directory first to prevent Windows from recreating it later. + + .PARAMETER StoreAppsDatabase + The full path to the user's store.db file. + + .EXAMPLE + DisableStoreSearchSuggestions -StoreAppsDatabase "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" +#> function DisableStoreSearchSuggestions { param ( - $StoreAppsDatabase = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" + [Parameter(Mandatory)] + [string]$StoreAppsDatabase ) - # Change path to correct user if a user was specified - if ($script:Params.ContainsKey("User")) { - $StoreAppsDatabase = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false - } - $userName = [regex]::Match($StoreAppsDatabase, '(?:Users\\)([^\\]+)(?:\\AppData)').Groups[1].Value + if (-not $userName) { $userName = '' } # This file doesn't exist in EEA (No Store app suggestions). if (-not (Test-Path -Path $StoreAppsDatabase)) @@ -51,31 +77,58 @@ function DisableStoreSearchSuggestions { Write-Host "Disabled Microsoft Store search suggestions for user $userName" } +<# + .SYNOPSIS + Re-enables Microsoft Store search suggestions in the start menu for all user profiles. + + .DESCRIPTION + Iterates over every existing user profile and the Default user profile, + removing the deny ACL from each user's Store app database file (store.db) + and then deleting the file. This restores the default Windows behavior + where Store search suggestions appear in the start menu. + + .EXAMPLE + EnableStoreSearchSuggestionsForAllUsers +#> function EnableStoreSearchSuggestionsForAllUsers { # Get path to Store app database for all users $userPathString = GetUserDirectory -userName "*" -fileName "AppData\Local\Packages" $usersStoreDbPaths = Get-ChildItem -Path $userPathString -ErrorAction SilentlyContinue # Go through all users and re-enable start search suggestions - ForEach ($storeDbPath in $usersStoreDbPaths) { - EnableStoreSearchSuggestions ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db") + foreach ($storeDbPath in $usersStoreDbPaths) { + EnableStoreSearchSuggestions -StoreAppsDatabase ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db") } # Also re-enable for the default user profile - $defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false - EnableStoreSearchSuggestions $defaultStoreDbPath + $defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default" + if ($defaultStoreDbPath) { + EnableStoreSearchSuggestions -StoreAppsDatabase $defaultStoreDbPath + } } +<# + .SYNOPSIS + Re-enables Microsoft Store search suggestions for a single user. + + .DESCRIPTION + Takes ownership of the specified Store app database file, removes any + EVERYONE deny FullControl ACL entries, and deletes the file. If the file + does not exist, no action is taken. Callers should handle the case where + the file is absent gracefully. + + .PARAMETER StoreAppsDatabase + The full path to the user's store.db file. + + .EXAMPLE + EnableStoreSearchSuggestions -StoreAppsDatabase "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" +#> function EnableStoreSearchSuggestions { param ( - $StoreAppsDatabase = "$env:LocalAppData\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" + [Parameter(Mandatory)] + [string]$StoreAppsDatabase ) - # Change path to correct user if a user was specified - if ($script:Params.ContainsKey("User")) { - $StoreAppsDatabase = GetUserDirectory -userName "$(GetUserName)" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false - } - $userName = [regex]::Match($StoreAppsDatabase, '(?:Users\\)([^\\]+)(?:\\AppData)').Groups[1].Value if (-not $userName) { $userName = '' } @@ -120,6 +173,51 @@ function EnableStoreSearchSuggestions { } } +<# + .SYNOPSIS + Returns the full path to the Store app database file for a given user. + + .DESCRIPTION + Resolves the path to the Microsoft Store app database (store.db) for the + specified username. When no username is provided or the value is empty, + falls back to the current user's local app data path via $env:LOCALAPPDATA. + + .PARAMETER UserName + The target username. Pass an empty string or omit to resolve for the current user. + + .EXAMPLE + GetStoreAppsDatabasePathForUser -UserName "Jeff" + + .EXAMPLE + GetStoreAppsDatabasePathForUser -UserName "Default" +#> +function GetStoreAppsDatabasePathForUser { + param( + [string]$UserName + ) + + if ([string]::IsNullOrWhiteSpace($UserName)) { + return "$env:LOCALAPPDATA\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" + } + + return (GetUserDirectory -userName $UserName -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false) +} + +<# + .SYNOPSIS + Tests whether Store search suggestions are disabled for a single user. + + .DESCRIPTION + Checks whether the specified store.db file has an EVERYONE deny + FullControl ACL entry applied. Returns $true if the deny rule is present, + $false otherwise (including when the file or directory does not exist). + + .PARAMETER StoreAppsDatabase + The full path to the user's store.db file. + + .EXAMPLE + Test-StoreSearchSuggestionsDisabled -StoreAppsDatabase "C:\Users\Jeff\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" +#> function Test-StoreSearchSuggestionsDisabled { param( [Parameter(Mandatory)] @@ -157,6 +255,19 @@ function Test-StoreSearchSuggestionsDisabled { return $false } +<# + .SYNOPSIS + Tests whether Store search suggestions are disabled for all user profiles. + + .DESCRIPTION + Collects the store.db paths for all existing user profiles and the Default + user profile, then verifies that every one of them has the EVERYONE deny + FullControl ACL applied. Returns $true only if ALL paths pass the check. + Returns $false immediately if any user's store.db is not disabled. + + .EXAMPLE + Test-StoreSearchSuggestionsDisabledForAllUsers +#> function Test-StoreSearchSuggestionsDisabledForAllUsers { $paths = @() @@ -166,7 +277,7 @@ function Test-StoreSearchSuggestionsDisabledForAllUsers { $paths += ($storeDbPath.FullName + "\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db") } - $defaultStoreDbPath = GetUserDirectory -userName "Default" -fileName "AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\store.db" -exitIfPathNotFound $false + $defaultStoreDbPath = GetStoreAppsDatabasePathForUser -UserName "Default" if ($defaultStoreDbPath) { $paths += $defaultStoreDbPath } diff --git a/Win11Debloat.ps1 b/Win11Debloat.ps1 index 93fc49f..21792da 100644 --- a/Win11Debloat.ps1 +++ b/Win11Debloat.ps1 @@ -300,7 +300,7 @@ if (-not $script:WingetInstalled -and -not $Silent) { . "$PSScriptRoot/Scripts/Features/RegistryBackupValidation.ps1" . "$PSScriptRoot/Scripts/Features/RestoreRegistryApplyState.ps1" . "$PSScriptRoot/Scripts/Features/RestoreRegistryBackup.ps1" -. "$PSScriptRoot/Scripts/Features/DisableStoreSearchSuggestions.ps1" +. "$PSScriptRoot/Scripts/Features/StoreSearchSuggestions.ps1" . "$PSScriptRoot/Scripts/Features/TelemetryScheduledTasks.ps1" . "$PSScriptRoot/Scripts/Features/WindowsOptionalFeatures.ps1" . "$PSScriptRoot/Scripts/Features/ImportRegistryFile.ps1"