I'm administrating a Windows 7 (now Windows 10) machine which has one account that is pretty locked down. Users can only start specific programs (via white list in the group policies), have no access to Internet Explorer, no explorer etc. Basically, all they can do (or should be able to do) is start applications from the desktop.
Now, after updating to Windows 10, my securities measures can be easily circumvented: The main problem is the start menu or rather the integrated search. Users can search for "Edge" and start it although it's not in my white list, they can also enter "C:\" in the search and open the explorer with this path as well as execute Windows apps I didn't allow. I could only find a group policy to disable web and file search but it still allows users to execute more or less arbitrary applications as well as Edge (which nobody should be allowed to access except me, the admin).
How can I avoid this problem? In Windows 7 it was possible to revert to the old start menu and disable the search completely for users but this doesn't seem to be possible anymore. Also the layout of the start menu seems fixed and I can't change or disable the apps I don't want to have. According to technet, there is the possibility to load the start menu layout from a predefined XML file. I tried this but the layout is unchanged, no error message whatsoever. I also disabled most Cortana options I could find, but there are not many in the group policies.
Thanks for any help!
