There is no particular reason why you need to do this, but if you are looking for a bullet proof method that makes no one can run modern apps, including those default universal apps, this is one way to do it.
That is completely disabling UAC. Note that sliding the notify level in the UAC control panel all the way down to Never notify doesn’t do the trick. You need to disable it in Group Policy to make it work.
Here is how to completely disable UAC on Windows:
Open Local Group Policy Editor, navigate to the following location:
Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options
Then, on the right panel, scroll down to the bottom to locate a policy named User Account Control: Run all administrators in Admin Approval Mode. By default, it’s Enabled. Double-click and change it to Disable.
Close Group Policy Editor and restart your computer.
Now let’s launch any of the universal apps or apps you install from Windows Store and see what happens.
That’s right. All modern apps as well as default universal apps, even including Edge browser will be blocked from running after UAC is disabled through Group Policy. Obviously, it’s not an ideal situation you will normally do. But you never know.
So, what’s behind the scene is that by disabling UAC it basically tells the computer that all applications are executed with full admin privileges as built-in Administrator. And that would also apply to all modern apps. But Modern apps are designed to be executed only with a standard user access token.
Lastly, tip my hats to 4sysops for the trick.