How to Disable Startup Items for Standard Users

What's the Issue?  User calls into our support line and would like to disable an annoying startup app. The typical way to disable startup items is by opening Task Manager > Startup and then right clicking a program > Disable Problem is that this requires admin rights…which your users should not have. If a technician tries to elevate Task Manager , the startup items folder will most likely be empty. What gives??!?!?! This is because when you elevate Task Manager , you are running the program under the context of the elevation account. That will probably be either the local administrator or a technician’s account that they used during the UAC prompt. If their account does not have a profile on that PC, the startup items will be empty. Also, if they did have a profile and they happened to disable a startup item, it will most likely only be disabled for that elevated profile. What's the fix? Most startup items can be found and disabled within the Windows 10 Settings app;

Dipping My Toes into Windows Autopilot - Self Deploying Kiosks

So full disclosure, I originally went down this road hoping to use Self-Deploying Autopilot to provision kiosks at my org, but unfortunately the Lenovo ThinkCentre tiny PCs we bought years ago do not support TPM 2.0. Turns out TPM 2.0 is a prereq for the “self-deploying” part of Autopilot (also means you can’t deploy to a virtual machine). So that was a bummer. I ended up getting this whole flow to work on a laptop as a proof-of-concept, but look over the list of prereqs below to see if this is right for your use case. Even if you don’t do the Autopilot portion of this, you will most likely be able to get the Intune kiosk policies to work. For this post, I’m mainly going over how to self deploy a single-app kiosk (using the Kiosk Browser from the Microsoft Store for Business ) via Autopilot and then showing how to lock down user logins outside of the local account Intune provisions to log in to the kiosk profile. Aut