How to use Local Group Policy Editor to tweak your computer
This article will show you how to use Local Group Policy Editor to make computer changes.
Note: Group Policy Editor is only available on the Pro version of Windows 10. Home or Home Premium users do not have access to it.
- How to install Group Policy Editor (GPEdit.Msc) on Windows 10 Home Edition
Group Policy is a powerful tool used to set up corporate networks, lock computers so that users cannot make changes, prevent them from running unapproved software and many other uses.
For home computers, uses such as password length limit, computer lock to run only approved executable files are not available. However, this tool has many other things you can configure such as disabling Windows features that you don't like, blocking certain applications or scripting that run when logging out or logging in.
- 8 "tweak" Windows Group Policy any Admin should know
- 4 tips to open Local Group Policy Editor on Windows 8 / 8.1
- 10 important Windows Group Policy settings need to be done immediately
Interface Local Group Policy Editor
The interface of Local Group Policy Editor is similar to other administration tools. Treeview on the left allows users to search for a hierarchical directory structure. It has an installation list, a preview pane to provide more information about specific settings.
You need to consider two top-level directories:
- Computer Configuration : Contains computer settings for all logged-in users.
- User Configuration : Contains settings that apply to user accounts.
In each of these directories there are several other directories that provide some of the available settings:
- Software Settings : Contains software-related and default default configuration on Windows clients.
- Windows Settings: Contains security settings and scripts for login / logout, start / shutdown.
- Administrative Templates : This folder contains registry-based configurations to quickly tweak your computer or user account.
Customize security rules
If you double click on Prevent access to the command prompt , a window like the one below will appear. In fact, most installations in Administrative Templates look like that.
This specific installation will allow you to block users from accessing the Command Prompt. You can also configure the settings inside the dialog box to block batch files.
When you enable the Run only specified Windows applications option in the same directory as the above option, you can allow specific Windows applications to be run on the system.
In this case, if you run an application that is not on the list, you will receive an error message like the one below.
You should be careful to tweak the rules here, otherwise your computer will be locked to be unusable.
Refine UAC settings for security
In the Computer Configuration folder > Windows Settings> Security Settings> Local Policies> Security Options , you will find a variety of interesting settings to secure your computer.
We will look at the first option in this folder as User Account Control: Behavior of the elevation prompt for Administrators . In the dialog box that appears, if you select Prompt for credentials on the secure desktop , you or another user must enter the password whenever you run something in admin mode.
This option makes Windows work like Linux or Mac, asking for a password whenever you make changes.
Some other useful options:
- User Account Control: Only elevate the executables that are signed and validated: This option prevents applications that are not digitally signed to run as admin.
- Recovery console, allow automatic administrative logon : When you need to use the recovery panel to perform system tasks, you need to provide an administrator password. If you forget your password, this option allows you to access your password more easily. However, because you can easily delete Windows passwords, this option is really less secure.
See also: Instructions on how to login to your computer when you forget your password
It is worth noting that many policies in the list do not really apply to all versions of Windows. For example, installing Remove My Documents Icon is only available on Windows XP and 2000. Other policies like At least Windows XP or similar will not work on all versions.
There are many settings in Group Policy Editor, you can take the time to learn them. Most of the settings here allow you to disable Windows features that you don't like, very few settings that offer no functionality by default.
Set up scripts to run when logging in, logging out, starting or shutdown
If you want to set up the script for logout, log in to run each time you boot your computer, you can only do this on Group Policy Editor.
This is really useful when cleaning your system or making quick backups of certain files every time you turn off your computer. You can use batch files or even PowerShell scripts. One thing to note is that these scripts must be run 'quietly' otherwise it will block the logout process.
There are two types of scripts you can use:
- Startup / Shutdown Scripts : You can find these scripts inside Computer Configuration> Windows Settings> Scripts and run in Local System accounts, so they can manipulate system files but not run as user accounts .
- Logon / Logoff Scripts : This script is found in Configuration> Windows Settings> Scripts and is run in the user account.
Note, the logout and login scripts will not allow you to run utilities that require administrative access unless you disable UAC completely.
For example, we will create a logout script by accessing User Configuration> Windows Settings> Scripts and double-clicking Logoff .
The Logoff properties window allows you to add logout scripts to run.
In addition, you can also configure PowerShell scripts.
Note, you need to leave these scripts in a specific directory so they can work correctly.
Let the script log out and log in in the directory below:
- C: WindowsSystem32GroupPolicyUserScriptsLogoff
- C: WindowsSystem32GroupPolicyUserScriptsLogon
And let the script start and shut down the computer in the directory:
- C: WindowsSystem32GroupPolicyMachineScriptsShutdown
- C: WindowsSystem32GroupPolicyMachineScriptsStartup
After configuring the logout script, you can test it.
Note, if the script requires user data to be imported, Windows will be suspended during shutdown or logout for 10 minutes before turning off the script and Windows can restart. Therefore you need to note this point while creating the script.
In the enterprise, it is one of the most powerful and important tools. However, this article only aims to introduce Group Policy's basic usage to amateur users, so it won't go into details.
You should read it
- How to install the Microsoft Edge Group Policy template on Windows 10
- Fixed an issue that could not replace Windows 10 desktop wallpaper with Group Policy
- What is GPEdit.Msc (Group Policy Editor)? How to use GPEdit to configure a computer
- How to apply Local Group Policy to specific user accounts in Windows 10/11
- 8 'tweak' Windows Group Policy any Admin should know
- How to install Group Policy Editor (GPEdit.Msc) on Windows 10 Home Edition
- Configure App-V with Group Policy Objects
- How to view all applied Group Policies in Group Policy Editor
May be interested
- How to create a hacked Windows Registry file yourselfwhen reading the tips, you see people use hacked registry files to customize and tweak windows computers and wonder how to create them. this article will guide you through the basic steps to create your own registry hack file.
- Fixing errors cannot Copy Paste in Windowscopy paste is one of the most basic and handy functions in windows. if you can't copy and paste on windows, follow these steps.
- How to fix CMOS Checksum errorscmos is a battery-powered semiconductor chip on the motherboard, storing all bios-related information.
- How to fix 0xc000007b error on Windowserror 0xc000007b is an application error code on windows that appears when it cannot be started.
- How to delete the TSR automatically starts when the computer is turned onthis tutorial includes steps to temporarily remove tsr (terminate-and-stay-resident) programs from memory and how to prevent them from automatically loading every time the computer starts.
- Fix Illegal Operation error on computerwhen the computer operating system or processor receives a command from a program that it does not recognize and cannot process, a command called illegal operation will appear.