Clever tweaks of Windows Group Policy

H Πολιτική ομάδας των είναι ένα ισχυρό εργαλείο που σας δίνει την δυνατότητα να ρυθμίσετε πολλές πτυχές του λειτουργικού συστήματος. Οι περισσότερες ρυθμίσεις έχουν σαν στόχο να προσφέρουν στους διαχειριστές του υπολογιστή την δυνατότητα να παρακολουθούν και να ελέγχουν τους τυπικούς λογαριασμούς.

windows

If you manage computers in a company environment or if you manage multiple accounts in your home, then you should know the capabilities and benefits of your Windows for the proper control of the use of of the employees but also of your family.

Below we will see 8 tweaks for Windows 10 which we consider important to know and will certainly make it easier for your administrator to work.

Σημείωση: H επεξ πολιτικής ομάδας δεν είναι διαθέσιμη στην standard και στην home έκδοση. Θα πρέπει να έχετε τη Pro ή την Enterprise έκδοση για να την χρησιμοποιήσετε.

How to access the Group Policy Editor Windows
Καταρχήν βεβαιωθείτε ότι είστε συνδεδεμένοι σαν before trying to enter group policy editing. There are several ways to access the Group Policy Editor. For convenience, we suggest you open the Windows “Run” window (or press the Win + R keys at the same time) and there write the word “gpedit.msc” and press OK.

Tweak 1. Record account logins
Through the policy group, you can force Windows to record all successful and failed attempts to connect to the computer from any user account. You can use this information to track who you log on to the computer and whether an unauthorized person has attempted to connect or not.

In group policy, navigate to the following location and double-click “Check Connection Events”.

Computer Settings> Windows Settings> Security Settings> Local Policies> Control Policy

Here, select both check boxes next to "Success" and "Failure" and click OK. Windows will start recording and keeping a log file.

To view these logs, you must have access to another useful Windows tool, Event Viewer. Open "Run" again and type "eventvwr" to open the Windows event viewer.

Go to “Windows Logs” and then “Security”. In the middle of the table, you should see all recent events. Don't get confused by all these facts, all you need to find are the successful and failed connections. Successful connections have “Event ID: 4624”, and failed connections have “Event ID: 4625”. Just look for these event IDs to find the connections and see the exact one and time they took place.

Double-clicking on these events will show more details, along with the exact name of the linked user account.

Tweak 2. Disable access to Control Panel
The Control Panel or Control Panel is the center of all Windows settings, both for security and usability. However, these settings can be disastrous in the wrong hands. If you are dealing with a novice user who should be using the computer or if you suspect that someone may be "corrupting" these sensitive settings, then you should deny access to the Control Panel.

To do this, scroll to the site in Group Policy Editor User Settings> Management Templates> Control Panel and double-click "Block Access to Control Panel and Computer Settings".

Select the “Enable” option to deny access to the Control Panel. Normally the Control Panel option should be removed from the startup and no one will be able to access it from anywhere, including the Run window.

All options in the Control Panel will be banned and access to them by any other method will cause an error.

Tweak 3. Forbid users to install new software
It can take you some time to clean a computer that is infected with malicious software. To make sure that users do not install infected software by any means, you will need to disable Windows Installer from Group Policy.

Navigate to Computer Settings> Administration Templates> Windows Components> Windows Installer and double-click "Disable Windows Installer".

Select "Enable" and then "Always" from the drop-down menu in the "Options" panel. Users will no longer be able to install new programs on the computer.

Tweak 4. Turn off removable storage devices

Τα USBs καθώς και οι άλλες μορφές αφαιρούμενων συσκευών αποθήκευσης μπορεί να είναι πολύ επικίνδυνα για το PC. Αν κάποιος κατά λάθος (ή επίτηδες) συνδέσει ένα USB που έχει μολυνθεί με ιό με τον υπολογιστή, θα μπορούσε να μολύνει ολόκληρο το PC ή θα μπορούσε να σας κλέψει ευαίσθητα .

To prevent users from using portable storage devices, go to User Settings> Administration Templates> System> Removable Storage Access, and double-click Removable Disks: Block Read Access.

Enable this option and the computer will not read any kind of data from an external storage device. Additionally, there is an option below that is listed as “Removable disks: Deny access s". You can enable it if you want no one to be able to write data to a removable storage device.

Tweak 5. Prevent users from starting specific applications
The policy group also allows you to create a list of applications that you will prevent from launching, that is, running on your system. It is a good setting to prevent users from "eating" their time with applications that are not approved by you. Go to User Settings> Administration Templates> System and double-click "Do not run specific Windows applications".

Select this option and click the "Show" button below to start creating the list of applications you would like to block.

To create the list, you must enter the executable name of the application along with an .exe at the end to block the application. For example, CCleaner.exe, CleanMem.exe or Launcher.exe. The best way to find the exact executable name of an application is to look in the application folder in Windows File Explorer and copy the exact name of the executable file (along with the ".exe" extension).

Enter this executable name in the list and click "OK" to start the lock. There is also in the group policy below the option "Run only specific Windows applications". If you want to disable all types of applications except specific ones, then use this option and create a list of the applications you want to allow. We would say that this Tweak is aimed at a really strict working environment.

Tweak 6. Disable Command Prompt and Windows Registry Editor
If the Dashboard is dangerous in the wrong hands, then the Command Prompt and the Registry Editor are a disaster. Both of these tools can easily make Windows unusable, especially Registry Editor, which could damage Windows so much that you would have to format.

If you are concerned about computer security and want to disable both Command Prompt and Windows Registry Editor, go to User Settings> Management Templates> System and double-click "Deny Command Prompt" and " do not allow access to registry editing tools ”. Just turn them both on.

Tweak 7. Hide Partitions from the computer
If there is a particular disk with sensitive data inside the computer, then you can hide it so that users will not be able to see it. It's a good measure to keep users away, but you shouldn't as a method to protect data from prying eyes.

Go to User Settings> Administration Templates> Windows Components> File Explorer, and select "Hide specified drives in My Computer".

Once enabled, click the drop-down menu in the "Options" panel and select which disk you want to hide. The discs should be hidden as soon as you click "OK".

Tweak 8. customize the Start Menu and the taskbar
Group Policy offers dozens of tricks for the Start Menu and taskbar to customize to your liking. These tricks are ideal for both administrators and regular users looking for a way to customize the Windows Start menu and taskbar. Go to User Settings> Management Templates> Taskbar and Start Menu and you'll find all the tweaks along with an explanation of what they do.

The tweaks you will find are very easy to understand, so we do not need to explain them to you individually. In addition, Windows already offers a detailed description of each setting. Some of the things you can do are change the function of the start button, prevent users from placing programs on the taskbar, restrict the ability , hide notifications, hide the battery icon, avoid changes to the taskbar and menu settings, prevent users from using any power option, remove the "Run" option from the start menu and a bunch other tricks.

Time to show who the boss is.
Οι παραπάνω ρυθμίσεις στην Πολιτική ομάδας θα πρέπει να σας βοηθήσουν να πάρετε τον έλεγχο σε ένα PC και να εξασφαλίσετε ότι τίποτα δεν πάει στραβά, ακόμα και αν το χρησιμοποιούν άλλοι χρήστες εκτός από εσάς. Η Πολιτική ομάδας έχει εκατοντάδες επιλογές για να ελέγξετε διάφορες των Windows, απλά οι παραπάνω είναι μόνο μερικές βασικές ρυθμίσεις ενός administrator. Ελπίζουμε να σας κεντρίσαμε το ενδιαφέρον ώστε να δαπανήσετε τον απαιτούμενο χρόνο για να εξερευνήσετε όλα τα κρυμμένα διαμάντια που βρίσκονται μέσα σε αυτήν. Όμως για καλό και για κακό και δεδομένου ότι η πολιτική ομάδας είναι δαιδαλώδης σε ρυθμίσεις και κόλπα καλό θα ήταν να έχετε δημιουργήσει ένα σημείο επαναφοράς συστήματος πριν κάνετε οποιεσδήποτε αλλαγές.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).