Best Group Policy Settings You Need To Tweak To Control Windows

Best Group Policy Settings

Before we begin , allow ’s realise that Group Policy is a graphic tool that lets you edit aboriginal OS setting , Kernel options , etc . However , tweaking the Group Policy in a ill-timed way can even cause your OS to malfunction . So , if you are going to make any change make certain to export the listing before make any modification .

How to Access Group Policy

One of the biggest caveats of Group Policy is it is useable only on those computers incline Windows Professional , Education , or Enterprise Versions . Even though you are turn tail Windows Home , you’re able to access Group Policy but with few workarounds , which I will explain below .

Accessing Group Policy from Command Promt

To get at Group Policy , there are multiple ways , one of the well-to-do ways is toopen the Command Prompt > type “ gpedit.msc ” and click enter .

1. Disable any Software Installation

By not allowing substance abuser to install various software , you may decrease the amount of maintenance and cleaning need when something spoilt is install as it is also one of the potential reason for the malware . This is even more useful especially in school , where you want students to access only what call for .

If you require to restrict drug user from installing or running programs , you’re able to adjust that by openingGroup insurance policy > Navigate to Computer Configurations > Administrative Templates > Windows Components > Windows Installerand double chatter onTurn off Windows Installeroption . Change the stage setting to enable and ensure the option say “ For Non - handle applications only ” , so that they can install all the apps which are permitted by management . Now select Apply and re-start the computer for changes to take place .

freeze to run Specific Applications

Accessing Group Policy from Windows 10

Blocking all apps to instal is overkill in many situations . If all you wanted is blocking out just a few apps then you could make these change to the Group Policy .

OpenGroup Policy > User Configuration > Administrative Templates > Systemand double clickDon’t run set apart Windows applicationsoption . Change the setting to enable and tap the show push . Now you may get into the list of the apps you want to be blocked for the users and flick ok . Now click hold and restart the system for the scope to apply .

2. Block the access to Control Panel

It is important to set limits for the controller board mostly in business surroundings as it gives you ascendency over the entire system of rules . you may either block full access or limit its access .

To block the access , open Group Policy > User Configuration > Administrative Templates > Control Panel > and double click onProhibit access to Control Panel and PC settingsand come home on enable and apply . And the change will be applied right away .

Show only Specific mastery panel items

Disabling software installation using group Policy

The above process blocks access to the entire control control board . But if you are looking to bound the usage . you may do that by open up Group Policy > User Configuration > Administrative Templates > Control Panel > and doubly click onShow only nail down Control Panel itemsand select enable . Now select the show option to specific each control condition panel option to show . If it is not on this lean , it will not show to the exploiter .

This means you ’ll need to carefully pick and type out each Control Panel item you ’d like to let in . you could find the name ofall Control Panel items on Microsoft ’s website .

3. Disable Command Prompt

Command Prompt is doubtless so useful and also a incubus at the same metre as it gives the opportunity to the users to launch the command and programs which you are not mean to . It can also be a unsafe peter in the mitt of the inexperienced . There are a lot of reasons to incapacitate the command prompt , Maybe you ’ve got Kid who deal a family computer or you have guests utilize your computer when they stay with you . Or perhaps you ’re run a business computer you need to lock it down .

To disable , openGroup Policy > User Configuration > Administrative Templates > Systemand dual come home onPrevent access to the bidding promptoption . interchange the Policy to enable and utilise . Now you need a restart for the changes to apply .

Same as the Command Prompt , registry editor in chief can even fall in things and bypass few group insurance restrictions . So to safeguard the policy , you’re able to openGroup Policy > User Configuration > Administrative Templates > Systemand dual click onPrevent access to register editing toolsand enable it . Now fall into place on enforce and resume the microcomputer to apply changes .

Enabling turing off windows installer

5. Block Removable Media Drivers

USBs or other form of obliterable medium gadget can be dangerous for the PC . If someone accidentally or purposefully connects a Virus septic storage gimmick , it may affect the personal computer or even the domain of a function . When running a lot of figurer , admit mass medium drivers makes it hard to bring off the storage . obstruct removable media drivers is unremarkably used in many schoolhouse and colleges .

To block media driver , openGroup Policy > User Configuration > Administrative Templates > System > Removable Storage Accessand threefold tap theRemovable Disks : Deny take access . Now press the enable option and apply to stop microcomputer to translate external drivers .

block write option

Enabling not running specific applications using group policy

The above alternative will only make personal computer to not say the file in the external gadget . But you could still imitate the files into the external gimmick . If you want to safeguard the single file , you need to block the write option too . This is normally implement in clientele environment .

To block write options , openGroup Policy > User Configuration > Administrative Templates > System > Removable Storage Accessand twofold snap on theRemovable disk : Deny writes access . Now activate the alternative and quality apply to put on the changes .

Alternatively , you may useAll Removable Storage classes : Deny all accessto block both interpret and write options at the same metre .

listing the apps to get blocked

6. Hide Partition Drive from Computer

If there is any sensitive information in the system , you might want to hide it from the specific users to get at it . you may do that from Group Policy setting . But do remember that this mount will only enshroud it from Indian file adventurer and few other apps , but people can still get at it from the dictation command prompt .

Anyhow , you could enshroud it by openingGroup insurance policy > User Configuration > Administrative Templates > Windows Components > Windows Explorerand threefold - clicking onHiding these specified drives on My Computerand select the enable option . Once enabled , press the dip - down menu in the Options panel and choose which drives you would like to hide . The private road will be hidden when you will press OK .

7. Increase the Minimum Password Length

The default Windows Password distance is 8 and you need to be using at least one uppercase , lowercase , and number or special character . It is actually well secured . But you could improve security by increasing the password length . you may gear up it up to 14 along with using capital , lowercase , and number or special character .

you’re able to change that by openingGroup policy > Computer Configuration > Windows configurations > Security preferences > Account Policies > Password Policyand double - clickMinimum password lengthpolicy & Specify a value for the length and tap and apply .

8. Track Account Logins

With Group Policy you’re able to force window to track all successful and failed logins to the PC . you’re able to either fix it to a specific information processing system or a specific user . Anyhow , this will be useful to dog the unauthorized soul who is attempt to login . you may enable it by openingGroup Policy > Computer Configuration > Windows options > Security configurations > Local Policies > Audit Policyand double tap onAudit logon events .

Here check the checkbox next to“Success”and“Failure”options . When you will press ok , Windows will begin keeping a disc of logins made to the personal computer .

To view those logins , Open Run and entereventvwrto open Windows Event Viewer . Now thrive theWindows Logsand then select theSecurityoption . In the halfway gore , you’re able to expect at all the login attempts . you’re able to look at the story assay to lumber - in , date , and also the prison term . But succeeder and failed attempts are mentions with code .

Blocking the access to control panel using Group Policy

9. Disable OneDrive

You might wish OneDrive or totally detest it . If you or your organization do not utilise OneDrive or you just desire to remove from your PC , you could do with Group Policy . OpenGroup Policy > Computer Configuration > Administrative Templates > Windows Components > OneDriveand bivalent clickPrevent the usage of OneDrive for file cabinet memory . Now enable it and dawn use . You need to restart the microcomputer for the variety .

10. Keep Group Policy Changes in Control

Anyhow , these change can be revert back to normal by using the Group Policy with the same method but setting them back to disable . you’re able to remain in rush of Group Policy by usingGroup Policy Object Auditing . To keep a uninterrupted track of changes made in Group Policy Objects , tryLepide Change Reporter .

Wrapping up

Once done adjusting the Group Policy preferences , You need tomove preferences to the estimator group in Active Directorywhere you’re able to adjust the directory for every PC in the domain . you may alsoset specific Group Policies for only private user or computers . Now all you need to do is download the Group Policy from Active directory to apply . Any changes to the active directory will mechanically apply to the individual system .

Best Group Policy Settings You Need To Tweak To Control Windows