- Remote help for Intune and Microsoft Endpoint Manager - Tue, Jan 25 2022
- Windows 10/11 Azure AD/Intune Enterprise subscription is not valid - Mon, Nov 8 2021
- Upgrade from Windows 10 to Windows 11 with Setupconfig.ini and Intune - Wed, Sep 22 2021
Many enterprises would like to control and remove such notifications because they can confuse users and trigger unnecessary help desk calls. At the time of this writing, no Edge setting or Group Policy exists that allows admins to remove the Edge welcome page. Thus, I decided to dig in to how we can stop the page from showing.
It turns out that it is controlled by the following two registry keys:
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FirstRun\LastFirstRunVersionDelivered HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\IE10TourShown
I also noticed that if you have Internet Explorer set as the default browser, Microsoft Edge will prompt you to change it.
There is no way to stop this behavior using Group Policy either, so I have included the registry key to disable the default browser prompt as well:
HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt
I don't recommend using Group Policy Preferences to deploy these registry settings. The problem is that the entire Appcontainer registry key structure is not present when Group Policy Preferences are applied during the first logon. Only when the user logs on the second time will the settings be applied, and many users will have already started Microsoft Edge by that time.
This why we created a PowerShell solution for the task. You can deploy the script as a logon script with Group Policy or use Configuration Manager (described below).
Using a PowerShell logon script
You can use the script below as a logon script or copy it to your existing logon script.
# Name: EdgeWelcomeLogon.ps1 # Author: Jörgen Nilsson do { Start-Sleep -Milliseconds 2000 $Exhausted++ } While (!(Test-Path -path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe") -and $Exhausted -lt 31) if($Exhausted -gt 30) { exit 1 } New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge" -type Directory New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Firstrun" -type Directory New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -type Directory # These two values removes the Edge Welcome screen new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FirstRun" -Name "LastFirstRunVersionDelivered" -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -Name IE10TourShown -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null # This registry entry disables the prompt to make Edge the default browser new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -Name "DisallowDefaultBrowserPrompt" -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null
The script will wait 60 seconds for Windows to create the Appcontainer registry key. If the key did not exist previously, the script will exit. This ensures that the script doesn't run forever, which could happen on Windows 10 LTSB where Edge doesn't exist. Once the key exists, the script will add the registry values for disabling the Edge welcome screen.
Using PowerShell and Active Setup
Another option is Active Setup because it ensures that the script runs only once per user at logon time. My solution consist of two scripts. The first script (InstallEdgeWelcome.ps1) copies the second script (EdgeWelcome.ps1) to C:\Windows and adds the registry keys required for Active Setup.
One way to deploy the install script is by using Configuration Manager during OS deployment (explained below). Another option is to use a Microsoft Deployment Toolkit (MDT Task Sequence), which I don't cover in this post.
# Name: InstallEdgeWelcome.ps1 # Author: Jörgen Nilsson Copy-Item -Path (Join-Path -Path $PSScriptRoot -ChildPath "EdgeWelcome.ps1") -Destination (Join-Path -Path $env:SystemDrive -ChildPath "Windows") New-Item -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\EdgeWelcome" -type Directory new-itemproperty "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\EdgeWelcome" -Name "Version" -Value 1 -PropertyType String -Force new-itemproperty "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\EdgeWelcome" -Name "StubPath" -Value "powershell.exe -NoProfile -ExecutionPolicy ByPass -File C:\windows\EdgeWelcome.ps1" -PropertyType ExpandString -Force
The script EdgeWelcome.ps1 is perhaps a bit unorthodox. It first starts a new PowerShell process that launches the script again. This is necessary because the Appcontainer registry key might not yet exist during the logon process (as mention above), and the logon process would get hung up.
The script then creates the registry values that tell Microsoft Edge that the welcome screen has already been displayed. It also adds a registry key to remove the prompt that informs the user that Edge is not the default browser.
# Name: EdgeWelcome.ps1 # Authors: Jörgen Nilsson and Johan Schrewelius function Start-Proc { param([string]$Exe = $(Throw "An executable must be specified"), [string]$Arguments, [switch]$Hidden, [switch]$waitforexit) $startinfo = New-Object System.Diagnostics.ProcessStartInfo $startinfo.FileName = $Exe $startinfo.Arguments = $Arguments if ($Hidden) { $startinfo.WindowStyle = 'Hidden' $startinfo.CreateNoWindow = $True } $process = [System.Diagnostics.Process]::Start($startinfo) if ($waitforexit) { $process.WaitForExit() } return $process.ExitCode } $RunScript=$args[0] if(!$RunScript) { $args = "-ExecutionPolicy ByPass -File $($PSScriptRoot)\edgewelcome.ps1 Run" Start-Proc -Exe "Powershell.exe" -Arguments $args -Hidden exit 0 } do { Start-Sleep -Milliseconds 2000 } While (!(Test-Path -path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe")) New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge" -type Directory New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Firstrun" -type Directory New-Item -Path "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -type Directory # These two values removes the Edge Welcome screen new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FirstRun" -Name "LastFirstRunVersionDelivered" -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -Name IE10TourShown -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null # This registry entry disabled the prompt to make Edge the default browser new-itemproperty "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" -Name "DisallowDefaultBrowserPrompt" -Value 1 -Type DWORD -Force -ErrorAction SilentlyContinue | Out-Null
Deploying the script with SCCM during OS deployment
To deploy the scripts with Configuration Manager, follow these steps:
- Copy both files to a folder that can be used as source for Packages in Configuration Manager.
- Create a new Package in Configuration Manager that you can use as a source for the script in a Task Sequence.
- Select Do not create a program because we will use the "Run PowerShell script" step in the Task Sequence (see step 5).
- Distribute the content to the Distribution Points
- Edit your Windows 10 1607 Task Sequence and add a new Run PowerShell Script step with the settings shown in the screenshot below.
When the user logs on to a newly deployed computer, it will have the registry entries and therefore not launch the Edge welcome screen or the prompt to set Edge as default browser.
Subscribe to 4sysops newsletter!
The PowerShell scripts discussed in this post are also available at the TechNet Gallery.
Come on MS, what’s with the hating on GPO settings for Edge??!!!
Awesome..
You could start script using runonce key, it will be fired after ActiveSetup.
Hi,
Yes, I thought of that but then I would have to wrap the powershell script in a vbscript as well, otherwise the end users would se a command prompt windows flashing by. But it should work just fine as well.
Regards,
Jörgen
Thanks Jorgen, I used your info to use a batch file that uses the runonce key. You always have great content, and thanks for providing the detail about which keys.
Thanks Gary! 😀
Why the hell is there not a Group Policy for this stuff? Get with the times, Microsoft.
And even this script seems so hacky, with the keys not existing at logon. Microsoft shouldn’t be putting us through this.
Why not configure it through RunOnce in the Default User’s registry? All new users logging on to the system will get the RunOnce registry key:
In default hive if you have existing roaming users it won’t target them.
Good post, I used activesetup and compiled the script (from line 32 to end) to be hidden with powergui
Hi,
How to do this in MDT? I’ve added a Powershell step with this command %scriptroot%\installedgewelcome.ps1
It seems to run fine but when i logon edge welcome tab starts.
I must say i’m using an mandatory profiles
any idea?
Hi,
You can check if the Activesetup registry key is there, if so it should work. I haven’t tried it with a Mandatory profile could be that could be the issue as well.
Regards,
Jörgen
all the keys are present.
but not working with our mandatory profile.
I’ve made the profile using this: https://technet.microsoft.com/nl-nl/itpro/windows/manage/mandatory-user-profile
Any idea. should i run the script when making the profile perhaps?
Hi,
Yes, you can run it when you create the mandatory profile, then it should be included in the mandatory profile.
regards,
Jörgen
unfortunately it doesn’t work.
Thanks for this article, the logon script works perfectly.
The Creators update (1703) includes a GPO to disable the First Run Setting, go figure.
Late to the party using 1607 right now, but it’s been working better and support has been extended. The logon script worked like a charm. We applied it using Ivanti. Thanks for this easy solution!
now available as GPO on IE and Edge in HKLM: https://www.groovypost.com/howto/disable-microsoft-edge-first-run-welcome-page-windows-10/