How to easily use Windows Group Policy to control your PC

This guide shows how to use Windows Group Policy to control your PC. The Windows Group Policy editor is an internal tool of Microsoft operating systems that gives greater control over the PC’s operation and lets you make adjustments that are not available in less advanced managers such as the Control Panel or the general system Settings.

Group Policy is an essential tool for IT administrators as it provides a centralized way to manage and enforce all kinds of operating system, application and user settings in an Active Directory environment. These settings are maintained by a domain controller and cannot be overridden by individual client computers. Although its use is more common in the configuration of business networks, organizations or schools, it is also interesting for end users of home machines.

It should be mentioned that Windows 10 is not exactly a simple operating system to customize. It lacks adequate internal tools to substantially change its appearance, the behavior of its components, or access to “hidden” functions that are not directly accessible, and hence we recommend the use of external applications to tune it to everyone’s taste.

However, what we might call ‘administrative’ procedures are better covered, and this manager is an example. Think of it as a Control Panel, but much more powerful. You can restrict access to parts of the system, force a certain home page for all users, or run certain scripts every time a computer is turned on or off. Internally, most of the Windows Group Policy editor options simply make adjustments to the system registry. Group Policy is used for many different tasks to automate and control the PC.

However, this application provides a much friendlier interface for managing these options without having to search the Registry manually. Below we review how to access it and present examples of functions that an end user can apply to improve control of the machines on a local network or of shared PCs.

How to use Windows Group Policy to control your PC

Windows Group Policy Access

This manager is available in the professional, educational and business versions of Windows 10. Microsoft does not officially offer it in Windows 10 Home, although on that version you can use external applications such as Policy Plus, an open source tool that provides access to the configuration from the Group Policy Editor and the Windows Registry.

Assuming you are using Windows 10 Pro, access is very easy and can be done in several ways:

  • Open the start menu, search for “group policy” and launch the application.
  • Or press the keyboard shortcut “Windows + R” and type the command gpedit.msc to start the editor.

Most configurations require a restart of the computer before they take effect. If you want to avoid it, after making the changes you can open the Windows console with administrator privileges and run the following command so that they are activated:

gpupdate /force

10 usage examples for client machines

There are hundreds of different options, preferences and settings that can be activated. Of course, you have to know what you are doing, because this set of rules controls the working environment of user and computer accounts and basically lets you decide what can or cannot be done on the PC. A wrong setting can cause problems or unwanted behaviors.

However, there are simple controls that can be useful for local networks or client machines and that help us to begin to know the possibilities of this manager. As an example:

– Restrict access to control panel and Settings. Access restrictions to these controls are vital for business networks and school environments, but can also be useful at home for computers shared between multiple users. If you want to prevent your kid from changing system settings, this is a good step to take. The configuration is always done in the same way:

  • Open the editor.
  • Go to the path User Configuration> Administrative Templates> Control Panel> Prohibit access to PC Settings and Control Panel
  • Edit the value.

This policy allows you to disable all or only specific parts of the Control Panel.

– Block access to the command prompt: The Windows console is very powerful and Windows Terminal is an interesting reunification of all the command lines of the system. But in the wrong hands, it can be a major security or stability issue. To disable it, edit:

User Configuration> Administrative Templates> System> Prevent access to command prompt

This policy prevents the execution of the command prompt and also the execution of batch files in CMD or BAT formats.

– Prevent software installation: Another key action to prevent the introduction of malware or PUAs, and reduce system load and maintenance in the process.

Computer Configuration> Administrative Templates> Windows Components> Windows Installer> Disable Windows Installer

This policy only affects Win32 software; apps from the Windows Store could still be installed by third parties.

– Disable forced reboots: Although there are other options to postpone it, Windows 10 will eventually restart the computer when it has pending updates. You can regain control by enabling a Group Policy item. From then on, Windows will only apply pending updates when the user reboots manually.

Computer Configuration> Administrative Templates> Windows Components> Windows Update> Do not restart automatically with users who are logged into automatic update installations

– Disable automatic driver updates: Windows 10 can update drivers without explicit user permission, and in many cases this is a problem because you may want to use a custom driver, or the latest version provided by Microsoft may not work properly with particular hardware. To disable automatic driver updates go to this path:

Computer Configuration> Administrative Templates> System> Device Installation> Device Installation Restrictions> Prevent the installation of devices that match any of these device IDs

Once enabled, you will need to provide the hardware ID for the devices whose driver update you want to limit. You can get them from the Device Manager in the Control Panel. In the example we prevent the update of the driver of our graphics card to always use the manual driver that we have installed with the external NVIDIA software.

– Disable removable drives: External drives such as optical media or flash drives that connect over USB are very useful, but they are potentially a preferred route for introducing malware. This limitation in Windows group policies is used by default in companies, but also in home networks and client machines shared by multiple users.

User Configuration> Administrative Templates> System> Removable Storage Access

In this policy you can disable read or write access to optical media, floppy disks or flash drives, although persistent USBs are always the most problematic.

– Hide notifications: We use them daily on mobile devices and Microsoft or Apple have also introduced them into their systems for PCs. I don’t know about you. For me they are a real pain in the ass when I’m working at the desk and they are more annoying than the supposed utility they offer. It can be disabled from:

User Configuration> Administrative Templates> Start Menu and Taskbar

There you can deactivate the balloon notifications and the rest, in addition to making a lot of other customizations.

– Delete OneDrive: Microsoft integrated OneDrive by default into Windows 10 with the goal of powering its own cloud storage service. Personally I use it together with Office 365 and the truth is that it works perfectly. But if you don’t use it or if you have another storage service, it is a hassle to have it from startup or taking up unnecessary space in the file explorer. Although it can be uninstalled by other methods, the action in Windows Group Policies is final for the current version of the system and subsequent updates, and is performed from the path:

Computer Configuration> Administrative Templates> Windows Components> OneDrive> Prevent the use of OneDrive to store files

– Shut down Windows Defender: The antivirus built into Windows 10 has improved so much that most users avoid installing third-party security software. Defender is self-managed and will stop working automatically if you install a third-party antivirus. That is the theory, because we have seen conflicts in the past with these types of installations. If the change does not work correctly and you use external security software, it can be completely disabled here:

Computer Configuration> Administrative Templates> Windows Components> Windows Defender> Turn off Windows Defender

– Run scripts at login / startup / shutdown: The last example is more advanced than the previous ones. It is used a lot by administrators, but the vast majority of users will not need it. If you are an advanced user and are comfortable with these batch files, which can be written in the PowerShell console, they can be run automatically with group policies.

Computer Configuration> Windows Settings> Scripts

These scripts can be activated both for machine startup / shutdown, as well as logon / logoff.

These are just a few examples of the use of these Windows group policies, because there are tens or hundreds of actions available in each section of this editor, all of them simpler to apply than editing the system registry by hand. In addition, each of them includes a short written explanation of what it affects.
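Because most of these policies are stored as registry values, their current state can be read back from PowerShell. The script below is an added example, not part of the original article: the registry value names do not appear in the article and are the ones these policies are documented to write, while the `Get-PolicyState` helper and the labels are illustrative.

```powershell
# Added example: report the state of the policies covered in this article by
# reading the registry values that back them. Run it as the user you want to
# check, because the HKCU entries are per-user. Labels follow the article's
# examples; "Not configured" means the value is absent.
$hkcu = 'HKCU:\Software\Policies\Microsoft\Windows'
$hklm = 'HKLM:\Software\Policies\Microsoft'
$checks = @(
    @{ Policy = 'Restrict Control Panel and Settings'; Name = 'NoControlPanel'
       Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' },
    @{ Policy = 'Block command prompt'; Name = 'DisableCMD'
       Key = "$hkcu\System" },
    @{ Policy = 'Prevent software installation'; Name = 'DisableMSI'
       Key = "$hklm\Windows\Installer" },
    @{ Policy = 'Disable forced reboots'; Name = 'NoAutoRebootWithLoggedOnUsers'
       Key = "$hklm\Windows\WindowsUpdate\AU" },
    @{ Policy = 'Block devices by hardware ID'; Name = 'DenyDeviceIDs'
       Key = "$hklm\Windows\DeviceInstall\Restrictions" },
    @{ Policy = 'Disable removable drives'; Name = 'Deny_All'
       Key = "$hkcu\RemovableStorageDevices" },
    @{ Policy = 'Prevent OneDrive file storage'; Name = 'DisableFileSyncNGSC'
       Key = "$hklm\Windows\OneDrive" },
    @{ Policy = 'Turn off Windows Defender'; Name = 'DisableAntiSpyware'
       Key = "$hklm\Windows Defender" }
)

function Get-PolicyState {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        $value = $null
        if (Test-Path -LiteralPath $c.Key) {
            $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.($c.Name) }
        }
        [pscustomobject]@{
            Policy = $c.Policy
            Value  = if ($null -eq $value) { 'Not configured' } else { $value }
            Source = "$($c.Key)\$($c.Name)"
        }
    }
}

$report = Get-PolicyState -Checks $checks
$report | Format-Table -AutoSize -Wrap

# Call out the one setting that removes protection rather than adding a restriction.
if ($report | Where-Object { $_.Policy -like '*Defender*' -and $_.Value -eq 1 }) {
    Write-Warning 'Windows Defender is turned off by policy on this machine.'
}
```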

Obviously, most of these policies are created with companies, organizations or schools in mind, but they can also be used in home networks and shared client computers where the main user wants to maintain control and security of them or customize the operation of a lot of sections of the PC.
