Trying this out on my PC. I use Window 10 IoT Enterprise edition.
Thoughts:
Security Baseline
One thing you might want to note (sorry if its included and I do not see it) but the security baseline completley disables elevating permissions from a standard user (ie running something as an administrator).
It makes a lot of sense to do this if you are the admin at a company but for personal use this can be annoying for the average user, as there are a lot of common applications that can require elevation to run.
I think it would be helpful to show how to change that policy so people do not end up using their admin account as the daily driver or reverting back to not using the security baseline.
The can be done by going into settings under Windows Settings/Local Policies/Security Options/User Account Control
and changing either
User Account Control: Behavior of the elevation prompt for standard users (this is the one I had to change)
or
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
Attack Surface Reduction
EDIT: was able to find the options, somehow was not seeing the options in plain sight 
Also a bit confusing that in GPO it states
But if you got to the microsoft page about attack surface reduction 6 (warn) is also an option.