We run 10's of Remote Desktop Session Hosts (RDSH) providing a Windows 10 experience on Server 2016 for over a 1,000 users. Over time the consumer extras such as Cortana end up adding firewall rules for each user that logs on to the RDSH. Over time the number of firewall rules builds up to silly levels and significantly slows down some operations on the server such as login.
To prevent this build up we have resorted to implementing a machine login script via GPO. The login script held on the DCs includes some powershell to tidy up the firewall rules. As the RDSH's are powered off each night they are kept nicely tidy.
Are there any better options? Are there any plans to rectify this and so remove the need for the script?