cargex
asked on
Best Group Policy Objects for Windows 10
Guys,
I have been tasked to select the best Group Policy Objects for the computers in my network.
I'm new in this job but I remember from my old job that there are a bunch of useful Group Policies to change the desktop background, the security, etc.
Can you please help me create a list of the best (most useful) group policies to implement?
So that you understand what I'm looking for here it is one that I found useful:
\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
Accounts: Guest account status
Setting: Disabled
What I really don't feel like doing is going through all the possibly thousands of policies available one by one to decide if it is useful or not. In other words I don't want to reinvent the wheel.
Thanks.
I have been tasked to select the best Group Policy Objects for the computers in my network.
I'm new in this job but I remember from my old job that there are a bunch of useful Group Policies to change the desktop background, the security, etc.
Can you please help me create a list of the best (most useful) group policies to implement?
So that you understand what I'm looking for here it is one that I found useful:
\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
Accounts: Guest account status
Setting: Disabled
What I really don't feel like doing is going through all the possibly thousands of policies available one by one to decide if it is useful or not. In other words I don't want to reinvent the wheel.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
While browsing the Internet I just realize that we need to start narrowing this down by knowing the type of user. In this case the first group of policies I need are for a call center, and the operators of the workstations should be able to work ONLY with the associated programs, and nothing more.
They should NOT have access to:
Drive C
Control panel
System options
Removable devices (Mass storage devices)
CMD
Misc options which may damage the system
Task manager
Games etc..
They should NOT have access to:
Drive C
Control panel
System options
Removable devices (Mass storage devices)
CMD
Misc options which may damage the system
Task manager
Games etc..
And now you see why I gave the advice I did. Even your own wants have "evolved" over the last few responses. Nobody here can predict what you will and won't need. Your question is simply too broad to answer more that it already has been.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good Morning Guys,
I just checked the Windows 10 ADMX file and there is a list of 3,730 GPO's
I will start going through this file like you are suggesting but for the love of God, I can't believe that after 15 years using GPO's nobody has created a list of some very basic/recommended GPO's that can be definitely helpful, and that I can use as a starting point.
If anybody out there has such a list please let me know.
Thanks.
I just checked the Windows 10 ADMX file and there is a list of 3,730 GPO's
I will start going through this file like you are suggesting but for the love of God, I can't believe that after 15 years using GPO's nobody has created a list of some very basic/recommended GPO's that can be definitely helpful, and that I can use as a starting point.
If anybody out there has such a list please let me know.
Thanks.
ASKER
Hi Guys,
I think you are partially right, in the sense that yes I need to go through the list of GPOs to choose the ones I need, and by the way the ADMX file is a great way to do that, but I could also use a starting point, which I think I have now.
So, for anybody reading this, go download the ADMX file like Awawada suggests and then look in the file for the following:
Account Policies
Desktop
IE Config
Windows Defender
Windows Firewall
Windows Updates
I think if you start with the policies on this list that's a good start, and then if you feel like going through the whole 3,730 policies knock yourself out, and have fun!
I think you are partially right, in the sense that yes I need to go through the list of GPOs to choose the ones I need, and by the way the ADMX file is a great way to do that, but I could also use a starting point, which I think I have now.
So, for anybody reading this, go download the ADMX file like Awawada suggests and then look in the file for the following:
Account Policies
Desktop
IE Config
Windows Defender
Windows Firewall
Windows Updates
I think if you start with the policies on this list that's a good start, and then if you feel like going through the whole 3,730 policies knock yourself out, and have fun!
ASKER
I understand your point, but right now I would like to narrow down the initial list to may be a 100 policies that could be useful, and then I can have the conversation you are talking about. Having the conversation without narrowing down this first would lead to a philosophical discussion that won’t do me any good.
What I’m thinking could be a good way to do this is create separate Group Policy Objects by theme, for instance one theme could be changing the looks of the desktop, another could be the IE properties, etc.
If somebody can help me with a good list please do so, thanks.