You can easily run one or multiple programs at logon without messing with the Registry by using Group Policy Object (GPOs).
Under User (or Computer) configuration > Administrative Templates > System > Logon > Run these programs at user logon you can insert the path of the executable. Very clean and straight forward.
I was trying to enable Bitlocker on my C: drive, but unfortunately my PC does not have a physical TPM chip built-in. Turns out there is a way to enable Bitlocker Drive Encryption without the TPM chip with help of Group Policies.
Open Local Group Policies (gpedit.msc) > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives > Require additional authentication at starutp
Enable this Policy and leave the default settings.
Now in Windows Explorer, Bitlocker can be turned on:
Because there is no TPM chip available, we either have the option to enter a password every time the OS boots or unlock the drive with a USB flash drive.
How to import them in the GP Editor? Easy. You can test them on your local machine first. Just copy the files msedge.admx and msedgeupdate.admx to C:\windows\PolicyDefinitions and the language .adml files to C:\windows\PolicyDefinitions\en-US.
In an Enterprise environment you normally move these files into the central group policy store, located under \\domain.com\SYSVOL\domain.com\policies\PolicyDefinitions.
After opening Group Policy Editor (gpedit.msc), under Computer Configuration > Administrative Templates you will see the newly imported Policies:
Now let’s specifically configure the IE Mode feature. For that we need to configure two settings. The first will configure the IE Mode and the second one lists the websites that are affected by IE Mode.
Under Microsoft Edge > Configure Internet Explorer Integration you want to select Internet Explorer Mode in order to integrate IE with the new Edge in case one of the specificied URLs is visited:
The second one is located under Windows Components > Internet Explorer > Use the Enterprise Mode IE Website List. You can use a file:///C:/local/path.xml, a \\network\path or a https://URL that hosts the XML file. I will be using a local path here.
With the MS Tool Enterprise Mode Site List Manager you can easily add or edit the site list. Just add a new URL, select the IE Mode you want to use and save it as an XML.
Now do a gpupdate /force, restart Edge and test your site. You will know that the policy has applied if you see the IE icon when you visit a site you have specified in the Enterprise Mode Site List Manager.
If you are having issues getting this to work, make sure your device has the latest Windows Updates installed, like stated in the Microsoft documentation.
Also this feature is not yet supported on Windows Server 2016 and some older versions of Windows 10.
If you have problems with MS Edge on Windows Server 2016 RDS with Citrix XenApp, you will have to exclude the process msedge.exe from Citrix hooks:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook
REG_SZ “ExcludedImageNames”
Value “msedge.exe”