Do you wish you could change some of the behavior of Windows 10? Maybe you want more control over certain features, or want to make tweaks that aren’t available in the Settings panel.
A great way to gain more control over your computer is using Group Policy. There are many useful Group Policy settings that home users can use to change how Windows 10 works. Let’s take a look at some of the best Group Policy settings to make your system better.
What is Windows Group Policy
Group Policy provides a centralized way to configure and enforce all kinds of settings across computers on an Active Directory network. This setting is managed by the domain controller and individual computers cannot override it.
As such, Group Policy is most common on Windows domains in business settings. However, computers that are not on an Active Directory network (meaning most machines at home) can still change their settings locally using the Local Group Policy Editor.
Think of it like the Control Panel, except it’s much more powerful. With Group Policy, you can restrict access to parts of the system, force a specific home page for all users, and even run certain scripts every time the computer is turned on or off.
Behind the scenes, most of the options in the Group Policy Editor are just tweaks to the Windows Registry. The Group Policy Editor provides a much friendlier interface for managing these options without having to manually browse the Registry.
The only downside is that by default, Group Policy is only available for computers running Windows Professional or higher editions. If you are using Windows Home, this omission may convince you to upgrade to Windows 10 Pro despite the workarounds we mention below.
Accessing the Group Policy Editor
Accessing the Group Policy Editor is easier than you think, especially on Windows 10. Like most utilities in Windows, there are several ways to access it.
Here’s one reliable method:
- Open the Start Menu.
- search Group Policy.
- Launch entry Edit Group Policy emerging.
For another method, press Win + R to open the Run dialog box. There, enter gpedit.msc to launch the Group Policy Editor.
Although we mentioned that Group Policy is usually not available on Home editions of Windows, there is a workaround you can try. This involves some basic system tweaks and the installation of a third-party Group Policy Editor.
Applying Group Policy Updates
For some Group Policy settings, you will have to restart your computer before they take effect. Otherwise, once you are done making changes, launch an elevated Command Prompt and run the following command:
This forces any updates you make to Group Policy to take effect immediately.
10 Cool Things To Do With Group Policy
The Group Policy Editor lets you change hundreds of different options, preferences, and settings, making it impossible to cover them all here.
You can feel free to have a look, but if you’re not confident, it’s possible to avoid experimenting with random policies. One bad tweak can cause problems or unwanted behavior.
Now, we’ll take a look at some recommended Group Policy settings to get started.
Restrict Access to Control Panel and Settings
Control Panel restrictions are critical for business networking and school environments. However, they can also be useful at home for computers that are shared between multiple users. If you want to prevent children from changing settings, this is a good step to take.
To completely block Control Panel, enable this object:
User Configuration > Administrative Templates > Control Panel > Prohibit access to Control Panel and PC Settings
If you want to grant access to only certain parts of the Control Panel, you can set it using one of the following two items:
User Configuration > Administrative Templates > Control Panel > Hide specified Control Panel items
User Configuration > Administrative Templates > Control Panel > Show only specified Control Panel Item
Enable them and you will be able to show which Control Panel Applets you want to show or hide. Use the Microsoft Canonical Names of Control Panel Items to list them.
Block Command Prompt
Despite how useful the Command Prompt can be, it can be a nuisance in the wrong hands. Allowing users to run unwanted commands and circumventing any other restrictions you may have is not a good idea. Thus, you can disable it.
To disable Command Prompt, go through this value:
User Configuration > Administrative Templates > System > Prevent access to the command prompt
Note that enabling this restriction means that cmd.exe cannot run at all. Thus, it also prevents execution of batch files in CMD or BAT format.
Prevent Software Installation
You have many ways to block users from installing new software. Doing so can help reduce the amount of maintenance you need to perform when people carelessly litter. It also reduces the chances of malware getting into your system.
To prevent software installation using Group Policy, visit:
Computer Configuration > Administrative Templates > Windows Components > Windows Installer > Turn off Windows Installer
Note that this only blocks the Windows installer, so people can still install apps using the Windows Store.
Disable Force Restart
While you can enable some options for delaying, Windows 10 will eventually restart your computer on its own if you have any pending updates. You can take back control by enabling the Group Policy item. After doing so, Windows will only apply any pending updates when you restart itself.
You will find it here:
Computer Configuration > Administrator Templates > Windows Components > Windows Update > No auto-restart with logged on users for scheduled automatic update installations
Disable Automatic Driver Updates
Did you know that Windows 10 also updates device drivers without your explicit permission? In many cases, this is useful, as it aims to keep your system up-to-date.
But what if you run a custom driver? Or maybe the latest drivers for certain hardware components have bugs causing your system to crash. These are the times when automatic driver updates do more harm than good.
Enable this to disable automatic driver updates:
Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > Prevent installation of devices that match any of these device IDs
Once enabled, you’ll need to provide a hardware ID for the device you don’t want automatic driver updates for. You have to get it through Device Manager, which takes a few steps.
Disable Removable Media Drive
Removable media, such as USB flash drives, can be useful. But unknown USB devices can also pose a risk. Someone with access to your computer could load malware onto a flash drive and try to run it.
While not necessary in most cases, you can prevent Windows from reading the removable drive altogether to protect your system. This is very important in a business setting.
To disable removable media drives, enable this value:
User Configuration > Administrative Templates > System > Removable Storage Access > Removable Disks: Deny read access
In this folder, you’ll also see options for other media types such as CDs and DVDs. Feel free to disable any of these as well, but USB drives are a major concern.
Hide Balloon Notifications
Desktop notifications can be useful, but only when they have something useful to say. Most of the notifications you see aren’t worth reading, which often causes them to annoy you and break your concentration.
Enable this value to disable balloon notifications in Windows:
User Configuration > Administrative Templates > Start Menu and Taskbar > Turn off all balloon notifications
Starting with Windows 8, most system notifications switch to toast notifications. You should also disable it:
User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications > Turn off toast notifications
This is an easy way to block a lot of annoying pop-ups.
OneDrive is built into Windows 10. While you can uninstall it like any other app, you can also prevent it using Group Policy items.
Disable OneDrive by enabling this:
Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage
This will remove the ability to access OneDrive from anywhere on the system. It also removes the OneDrive shortcut in the File Explorer sidebar.
Turn off Windows Defender
Windows Defender manages itself, so it will stop running if you install a third-party antivirus application. If this is not working properly for some reason or you want to disable it completely, you can enable this Group Policy item:
Computer Configuration > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender
While easy to disable, Windows Defender is a pretty good security solution for most people. Be sure to replace it with another trusted Windows antivirus program if you remove it.
Run Script on Logon/Startup/Shutdown
Our last tip is a bit more advanced, so it probably won’t be useful to you unless you’re comfortable with batch files and/or writing PowerShell scripts. But if it is, then you can run the script automatically with Group Policy.
To set up a startup/shutdown script, visit:
Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)
To set up a login or login script, go here:
User Configuration > Windows Settings > Scripts (Logon/Logoff)
By doing this, you can select the actual script file and pass parameters for the script, so it’s quite flexible. You can also assign multiple scripts to each trigger event.
The Most Useful Group Policy Settings For You
Group Policy gives you a lot of control over how Windows 10 works. We’ve only seen a few examples here; there are more functions to discover if you know where to look. However, as you can see, most of the options revolve around removing or blocking functionality, not adding new tools.