You may have heard an IT professional at work talking about GPOs or custom policies. Or maybe you want to know how to better control your computer. In any case, Windows 10 Group Policy Editor is the right tool. With it, you can work with Group Policy Objects (GPOs) to customize your computer’s functionality and user experience.
In a networked environment, Group Policy Editor is used to configure everything from allowed programs to run to customizing the desktop. It does this in partnership with Active Directory For a typical Windows 10 user who doesn’t have Active Directory, we can still use Local Group Policy Objects (LGPOs) to configure our computers.
Where can I find the Windows 10 Group Policy Editor?
If you have Windows 10 Home, you don’t have a Group Policy Editor. It is only included in Windows 10 Pro and Windows 10 Enterprise.
The actual name of the program is gpedit.msc and usually it is located in C: Windows System32 gpedit.msc or% windir% System32 gpedit.msc.
But you don’t need to open File Explorer to find it every time you want to use it. There are several ways to access the Group Policy Editor.
- Open the start menu and search gpedit.msc.
- Press Windows Key + R. Type gpedit.msc in the Run window and select OK.
- Create a shortcut to gpedit.msc and place it on your desktop.
- In Explorer, navigate to C: Windows System32 gpedit.msc.
- Right-click the gpedit.msc file and select Create Shortcut.
- A window will appear with the message: “Windows cannot create a shortcut here. Do you want the shortcut to be placed on the desktop? »Select Yes. Once created, the shortcut can be moved to any location.
Windows 10 Group Policy Editor Guided Tour
After you open the Group Policy Editor, you will see two main categories on the left side of the window. There are Computer Configuration and User Configuration.
– /
Computer configuration policies will apply to the entire computer and affect its operation and the operating system as a whole. These settings do not change depending on who is logged on to the computer.
The policies in user configuration are applied to users. User configuration policies are ideal for customizing the user’s desktop. If you change only Local Group Policy Objects (LGPOs), this will apply to all users on that computer.
If you care about servers and apply Group Policy in your Active Directory, the settings might apply to all or some users. It all depends on the level at which the policies are applied.
As you move on to different sections, you will see different areas for different applications or services. Pay special attention to what is in the Administrative Templates sections under Computer Configuration and Custom Configuration.
Administrative templates can be added for many different applications that you can install. For example, there is a large set of administrative templates for Microsoft Office that you can add to the Group Policy Editor. Even non-Microsoft companies like Google, FoxIt PDF reader and LogMeIn Remote Desktop Access provide you with administrative templates. Downloading and installing them is a bit of a complicated process, but not all that hard.
There are too many policies for us to study and describe what they are capable of.
If you want to see all the Administrative Template Policies available under Computer Configuration or User Configuration, go to Administrative Templates> All Settings and select it. In the right pane, you will see a long list of possible settings. The image below shows 2500 settings. There may be more on your computer or server.
At the time of writing, there were over 4,200 policies in Windows. This is not counting the various administrative templates that you can add.
If you would like to learn more about all Microsoft policies, you can download the Microsoft Group Policy Settings Reference for Windows and Windows Server.
What can I do with the Windows 10 Group Policy Editor?
Think of the Group Policy Editor as a safe way to work with the Windows Registry. The Group Policy Editor won’t let you change anything you can in the Windows Registry, but it does allow you to almost change anything you want to change in the Windows Registry.
Security policies are a great place to start. Let’s take a look at setting up a policy to disable Windows Command Prompt
With the Group Policy Editor open:
- Go to User Configuration> System.
- In the right pane, select Deny command line access. Open it with a double click.
- To just enable it, click the Enabled radio button.
- This is optional. You can also prevent batch scripts from running by also changing the Disable command line script processing? from “No” to “Yes”.
Take a moment to read the “Help:” section to fully understand what this option is capable of. If you need to run batch files for system maintenance, do not enable this.
While you’re in this area, check other options such as Prevent access to registry editing tools and Run only specified Windows applications. These are good security settings that you can work with too.
There are so many things you can do, and we have articles on many of them. We can show you the best way to turn off Cortana, how to enable biometrics for Hello Fingerprint to work, and how to set detailed password policies for users. Go there, take a look around, and you will be pleasantly surprised how much you can control and customize your PC with the Windows 10 Group Policy Editor
–