Wednesday, September 23, 2015

Windows 10: Fix your broken start menu + apps on a domain, Event ID 1000

Windows 10 was designed around a new user experience that is supposed to close the gap between tablet/mobile and desktop interfaces.  But what if these new graphical elements (the old name was Metro Apps) will not open?  There are a LOT of cases out there about the Windows 10 start menu being broken, and plenty of fixes, but no matter what I tried the start menu would not work.

The domain we are on was updated from SBS 2011, there are a lot of group and security policies, and Windows 10 would work fine until it was added to the domain.  Once on the domain, any attempt to access the start menu, Edge, right clicking on the taskbar or accessing any other new UI elements caused an immediate close of the app, or it wouldn't open at all, and a new entry would show in Event Viewer:

Event ID: 1000 Application Error
Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp:
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16431, time stamp:
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll

You get the idea, not good.

I finally found a fix by using procmon and tracing shellexperiencehost.exe and seeing that there was an exit at the point of the fonts folder.  Ah hah, so after checking the permissions of the fonts folder, sure enough, there is not an ALL APPLICATION PACKAGES security group listed.  After adding it, the new UI elements and start menu started working immediately.  I rebooted just to see if the new permissions survive a reboot and they did.

Here's how to add this group to the fonts folder:

Open cmd as administrator and run the following.  It clears the read-only and system file attributes from the folder, which allows you to edit it.

 attrib -r -s c:\windows\fonts  

You will see the fonts folder looks a little different:
You can now right click on it, then select Properties.  On the Security tab click Edit, then Add...

Select Locations and choose the computer, then add the ALL APPLICATION PACKAGES group and then check names:

After clicking OK, I gave the group Full control of the folder.  I am not sure what specifically it needs to be set to, but this worked for me.

You can change the Fonts folder back to the default read-only state by running:

 attrib +r +s c:\windows\fonts  

Apparently the new apps under this identity were not able to access the font required to render the app.  If you are having these issues, keep in mind that the ALL APPLICATION PACKAGES group is required for many folders in Win 10 and it might not have the access it needs.
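
The check and the fix from this post, scripted so they can be repeated on other machines and folders (an added example, not part of the original post). It assumes read and execute is enough for apps to load fonts, rather than the Full control used above; the `-Path` and `-Repair` parameters and the `Test-AppPackagesRead` helper are names made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell.
# S-1-15-2-1 is the well-known SID of ALL APPLICATION PACKAGES; matching on the
# SID avoids localized names and domain-vs-local lookup problems.
param(
    [string[]]$Path = @('C:\Windows\Fonts'),  # folders to audit
    [switch]$Repair                            # grant the missing access
)

$sid     = 'S-1-15-2-1'
$needed  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inhOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-AppPackagesRead([string]$Folder) {
    $acl = Get-Acl -LiteralPath $Folder
    # Explicit and inherited ACEs, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $sid -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.FileSystemRights -band $needed) -eq $needed -and
            -not $r.PropagationFlags.HasFlag($inhOnly)) {
            return $true   # an allow ACE that applies to the folder itself
        }
    }
    return $false
}

foreach ($p in $Path) {
    if (Test-AppPackagesRead $p) {
        Write-Output "OK       $p"
        continue
    }
    Write-Output "MISSING  $p"
    if ($Repair) {
        # (OI)(CI)(RX): read and execute, inherited by files and subfolders
        icacls $p /grant "*${sid}:(OI)(CI)(RX)" | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed on $p" }
        elseif (Test-AppPackagesRead $p) { Write-Output "FIXED    $p" }
    }
}
```

Run it without arguments for a read-only report; add `-Repair` to apply the grant, and pass `-Path` to check other folders.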