Configure Windows 11 Start menu using only Group Policy

If you maintain a fleet of corporate Windows PC's like myself, you may have had to configure the Windows 10 Start menu so it looks the same for everyone by default and has corporate apps pinned as tiles. This consisted of generating an .xml file from the Export-StartLayout PowerShell cmdlet, copying said .xml file across to each machine on the network via Group Policy, and telling Windows to point to that file for it's Start menu configuration (well that's how I did it at least).

Microsoft has decided that is no good for Windows 11. Now if you want to configure the Start menu, you're suggested to use Microsoft's very own Microsoft Endpoint Manager, which of course isn't free. Hmm.

Windows being Windows though, with every setting typically being stored as a registry entry, it is just a matter of working our where Microsoft Endpoint Manager stores its configuration to enable a customised Start menu. Low and behold, that mysterious location is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Start\ConfigureStartPins

Right then, so that's where the settings are stored. What do we need to put into the "ConfigureStartPins" string value?

Well, firstly set up a test account in a Windows 11 VM somewhere. Manually set up the Start menu how you need, pin and unpin apps as required.

Once you've got everything how you'd like, run the following PowerShell command as the logged in user:

Export-StartLayout -Path "C:\<wherever>\startLayout11.json"

Great. We have a .json file with all the apps we need. Now what do we do with that?

Well, nothing with the file itself, but the contents of this file are important.

In a new or existing Group Policy object applied to your Windows 11 PC, create a new registry entry under Computer Configuration -> Preferences -> Windows Settings -> Registry.

New -> Registry Item

Action = Update
Hive = HKLM
Keypath = SOFTWARE\Microsoft\PolicyManager\current\device\Start
Value name = ConfigureStartPins
Value type = REG_SZ
Value data = <the contents of your .json file>

And there you have it. Once this is deployed to your Windows 11 PC's, when a new user logs into the PC, they will have your custom configured Start menu.

Note that users will be able to further customise the menu to suit themselves i.e. it doesn't become "locked", but at least this gets the pre-loaded consumer crud Microsoft wants to push into everyone's faces out of the way.

2024 Update

The above was published in April 2022. Since then I have found the above method no longer works in Windows 11 23H2.

I have resorted to using a different method of deploying a fixed configuration for the Start Menu for all users in our domain, as follows.

1. Log in to a Windows 11 computer.
2. Pin preferred apps to the Start Menu.
3. Copy this file: %LocalAppData%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start2.bin from the computer to a common network location, typically where you would deploy software packages from.
4. In Group Policy, edit an existing policy or create a new one and go to User Configuration → Preferences → Windows Settings → Files
5. New → File
6. Source: <your network location>\start2.bin
7. Destination: %LocalAppData%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start2.bin
8. Action: Replace

Now when a user logs into their computer, the start2.bin file will be copied into their profile each time, overriding any customisations they may have made in their last session.

If you want to prevent users from making customisations at all, i.e. prevent them from pinning anything to the Start Menu, set the following in Group Policy: