Best Group Policy Objects for Windows 10

Guys,
I have been tasked to select the best Group Policy Objects for the computers in my network.

I'm new in this job but I remember from my old job that there are a bunch of useful Group Policies to change the desktop background, the security, etc.

Can you please help me create a list of the best (most useful) group policies to implement?

So that you understand what I'm looking for here it is one that  I found useful:

\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
Accounts: Guest account status
Setting: Disabled

What I really don't feel like doing is going through all the possibly thousands of policies available one by one to decide if it is useful or not. In other words I don't want to reinvent the wheel.

Thanks.
cargexAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Reinventing the wheel is exactly what you should do though. *Every* client of mine is unique. My hotel concierge environment has an entirely different set of needs and therefore set of group policy settings than my plastics manufacturing company with floor machining computers and front-office machines used by sales and order fulfillment. That's an example of three environments, two of them in the same company, that have almost no overlap in settings.

The one bit of advice I'll give you is go minimalist. I know IT folks that, new to the job, go gung no and lock everything down, not because it is what is good for the business, but simply because they can. Does forcing a corporate wallpaper really help the business? Or do employees get more satisfaction from being able to see their wife and kids on the desktop? How is that different than a framed picture in their cubicle?

It all starts with business need. Have the conversation "what do you need" first, THEN implement "just enough" to meet that need. And the process can be iterative. In a restaurant, you may discover you *do* want to lock down the wallpaper or screensaver on publicly visible machines for branding purposes. And that may not come up in the first conversation. But needs evolve. Don't go scouring thousands of settings looking for things to set. By going minimalist, you save that "thousands of settings" hassle and you end up with happier users. That's a win-win.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cargexAuthor Commented:
Hi Cliff,
I understand your point, but right now I would like to narrow down the initial list to may be a 100 policies that could be useful, and then I can have the conversation you are talking about. Having the conversation without narrowing down this first would lead to a philosophical discussion that won’t do me any good.

What I’m thinking could be a good way to do this is create separate Group Policy Objects by theme, for instance one theme could be changing the looks of the desktop, another could be the IE properties, etc.

If somebody can help me with a good list please do so, thanks.
0
cargexAuthor Commented:
While browsing the Internet I just realize that we need to start narrowing this down by knowing the type of user. In this case the first group of policies I need are for a call center, and the operators of the workstations should be able to work ONLY with the associated programs, and nothing more.

 They should NOT have access to:
 Drive C
 Control panel
 System options
 Removable devices (Mass storage devices)
 CMD
 Misc options which may damage the system
 Task manager
 Games etc..
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Cliff GaliherCommented:
And now you see why I gave the advice I did. Even your own wants have "evolved" over the last few responses. Nobody here can predict what you will and won't need. Your question is simply too broad to answer more that it already has been.
0
awawadaCommented:
Nobody can tell the the best GPO's for your organisation, because we don't know nothing about your company.
Download the Windows 10 ADMX spreadsheet.xlsx from http://www.microsoft.com/en-us/download/details.aspx?id=25250 and go through each GPO setting. That's what we are doing for each of our customer.
0
cargexAuthor Commented:
Good Morning Guys,
I just checked the Windows 10 ADMX file and there is a list of 3,730 GPO's

I will start going through this file like you are suggesting but for the love of God, I can't believe that after 15 years using GPO's nobody has created a list of some very basic/recommended GPO's that can be definitely helpful, and that  I can use as a starting point.

If anybody out there has such a list please let me know.

Thanks.
0
cargexAuthor Commented:
Hi Guys,
I think you are partially right, in the sense that yes I need to go through the list of GPOs to choose the ones I need, and by the way the ADMX file is a great way to do that, but I could also use a starting point, which I think I have now.

So, for anybody reading this, go download the ADMX file like Awawada suggests and then look in the file for the following:
Account Policies
Desktop
IE Config
Windows Defender
Windows Firewall
Windows Updates

I think if you start with the policies on this list that's a good start, and then if you feel like going through the whole 3,730 policies knock yourself out, and have fun!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.