Another toast notifications post – this time to deal with an issue where users have turned off toast notifications. In my deployment of Windows 10 feature updates for example, I use toast notifications to inform users an update is available. Once we hit the installation deadline, the notifications become more aggressive and display more frequently and do not leave the screen unless the user actions or dismisses them. But we found that some users turn off toast notifications altogether – perhaps they just don’t like any notifications, or perhaps they don’t like being reminded to install the feature update.
In any case, since toast notifications are a key communications channel with our users, it’s important for us that they stay enabled.
Users can disable toast notifications in Settings > System > Notification & actions – simply turn off the setting Get notifications from apps and other senders.
There is also a group policy setting that can disable toast notifications and lock the setting so the user can’t turn it back on.
However, I was surprised to find no setting to do the opposite thing – turn notifications on and lock the setting preventing the user from turning them off..
What I did find is a registry key that enables or disables toast notifications in the user context, but it doesn’t take effect without restarting a service called Windows Push Notifications User Service.
Here’s the registry key. Setting it to 1 enables notifications and 0 disables.
Because this is not being done by group policy, you can’t lock the setting unfortunately. But what you can do is use a Configuration Manager compliance baseline, or even Proactive remediations in MEM, to detect and remediate and turn notifications back on if a user has turned them off. It needs to run with sufficient frequency to be effective.
Here is a detection script for MEMCM that will check the registry key and if it exists and is set to zero, will flag non-compliance.
$ToastEnabled = Get-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name ToastEnabled -ErrorAction SilentlyContinue | Select -ExpandProperty ToastEnabled
If ($ToastEnabled -eq 0)
{
Write-host "Not compliant"
}
Else
{
Write-host "Compliant"
}
And here’s a remediation script that will set the registry key to the ‘enabled’ value, and restart the push notifications service.
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" -Name ToastEnabled -Value 1 -Force
Get-Service -Name WpnUserService* | Restart-Service -Force
Remember to run these in the user context and allow remediation.
With this active, we can’t completely prevent users from turning off notifications altogether, but if they do, we’ll turn them back on. If they want to fight with the remediation, that’s on them 🙂
Do you have a solution for if they disable specific app notifications? For example, this will turn on notifications but they can t urn off “Windows PowerShell” notifications and then we are back to square one.
This helped me through my Notification project – thanks! Have the same trouble with no good way to keep users from disabling messages I want to send them.
I will piggy back on it with this scenario — the users can disable all notifications as you have described, and they can also disable the powershell notifications while leaving the overall notifications turned on.
To flip the powershell notifications back online this registry entry should be checked:
Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe
The GUID number appears to be the same for my environment, but not sure if that will hold up for all builds, so that may need to be adjusted.
In any case, if an Enabled = 0 REGDWORD exists in the key, the notifications for powershell have been disabled, and would need to be set to Enabled = 1, or, based on my testing it looks like if the key is removed it defaults to 1, and then likely need the push service restart.
Thanks for this info!
Thanks for pointing out how you circumvent administrative settings, I will just have to create a service which will check for your “fixes” and revert as necessary. You dont have any right to force a user to receive your messages, which are most likely advertising to upgrade.
@chris you made me laugh there. If you want to fight with company IT good luck. It’s not your machine. You can do whatever you want on your personal computer. Thanks for this post I’ll implement. Can’t have people restarting machines once a month during mandatory patch week.