Prevent Users from Disabling Toast Notifications – Can it be Done?

Another toast notifications post – this time to deal with an issue where users have turned off toast notifications. In my deployment of Windows 10 feature updates for example, I use toast notifications to inform users an update is available. Once we hit the installation deadline, the notifications become more aggressive and display more frequently and do not leave the screen unless the user actions or dismisses them. But we found that some users turn off toast notifications altogether – perhaps they just don’t like any notifications, or perhaps they don’t like being reminded to install the feature update.

In any case, since toast notifications are a key communications channel with our users, it’s important for us that they stay enabled.

Users can disable toast notifications in Settings > System > Notification & actions – simply turn off the setting Get notifications from apps and other senders.

There is also a group policy setting that can disable toast notifications and lock the setting so the user can’t turn it back on.

However, I was surprised to find no setting to do the opposite thing – turn notifications on and lock the setting preventing the user from turning them off..

What I did find is a registry key that enables or disables toast notifications in the user context, but it doesn’t take effect without restarting a service called Windows Push Notifications User Service.

Here’s the registry key. Setting it to 1 enables notifications and 0 disables.

Because this is not being done by group policy, you can’t lock the setting unfortunately. But what you can do is use a Configuration Manager compliance baseline, or even Proactive remediations in MEM, to detect and remediate and turn notifications back on if a user has turned them off. It needs to run with sufficient frequency to be effective.

Here is a detection script for MEMCM that will check the registry key and if it exists and is set to zero, will flag non-compliance.

$ToastEnabled = Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name ToastEnabled -ErrorAction SilentlyContinue | Select -ExpandProperty ToastEnabled
If ($ToastEnabled -eq 0)
{
    Write-host "Not compliant"
}
Else
{
    Write-host "Compliant"
}

And here’s a remediation script that will set the registry key to the ‘enabled’ value, and restart the push notifications service.

Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name ToastEnabled -Value 1 -Force
Get-Service -Name WpnUserService* | Restart-Service -Force

Remember to run these in the user context and allow remediation.

With this active, we can’t completely prevent users from turning off notifications altogether, but if they do, we’ll turn them back on. If they want to fight with the remediation, that’s on them 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.