IT-Dienstleistungen

gpedit.msc

All posts

Windows

Local Group Policy Editor

# WINKEY+R
gpedit.msc

Examples:

  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level
    • Send NTLMv2 response only. Refuse LM & NTLM.
  • Computer Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage classes: Deny all access
  • Computer Configuration\Administrative Templates\Windows Components\OneDrive\Prevent the usage of OneDrive for file storage
  • Computer Configuration\Administrative Templates\Windows Components\Search\Don’t search the web or display web results in search
  • Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon Logoff\Audit Logon and Logoff
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator account
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts:Guest account status
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode
  • Computer Configuration\Administrative Templates\Network\WLAN Service\WLAN Settings\Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services
  • Group Policy\User Configuration\Administrative Templates\Windows Components\File Explorer\Hide these specified drives on My Computer
  • User Configuration\Administrative Templates\System\Don’t Run Specified Windows Applications
    • PowerShell.exe
  • User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies
    • Right-click - New Software Restriction Policies - Additional Rules - New Path Rule - C:\Windows\System32\WindowsPowerShell\v1.0
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Machine inactivity limi
  • Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
  • User Configuration\Administrative Templates\System\Prevent access to the command prompt
  • User Configuration\Administrative Templates\Control Panel\
    • Prohibit access to Control Panel and PC Settings
    • Hide specified Control Panel items
    • Show only specified Control Panel items
    • Settings Page Visibility
  • Computer Configuration\Administrative Templates\Windows Components\Windows Installer
    • Always install with elevated privileges
    • Prohibit non-administrators from applying vendor signed updates
    • Prohibit removal of updates
    • Prohibit rollback
    • Prohibit use if Restart Mangaer
    • Prohibit User Installs
    • Turn off creation if System Restore checkpoints
    • Turn off Windows Installer
  • Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank password to console logon only