Security Settings via Local Group Policy Editor

Discussion in 'Windows 10' started by Espionage724, Oct 8, 2014.

  1. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    394
    60
    #1 Espionage724, Oct 8, 2014
    Last edited by a moderator: Apr 20, 2017
    Not sure if a thread exists for this sort of thing yet, but perhaps we can discuss how to change certain security-related aspects of 10 Tech Preview with Local Group Policy Editor.

    You can access Local Group Policy Editor with gpedit.msc. Changing certain settings (namly under Computer Configuration) will affect system-wide, including other users; use User Configuration section instead to affect the current user only.

    Here's a few settings that may be useful:

    Windows Updates
    Code:
    Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates
    Disabled = "Never check for updates (not recommended)" (Windows won't automatically check for updates; you'll have to do it manually)

    Windows Customer Experience Improvement Program
    Code:
    Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings > Turn off Windows Customer Experience Improvement Program
    Enabled = "No, I don't want to participate in the program." (you opt-out of the improvement program)

    Windows Error Reporting
    Code:
    Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting
    Enabled = "Never check for solutions (not recommended)" (disables error reports being sent to Microsoft when program crashes)

    Application Telemetry
    Code:
    Computer Configuration > Administrative Templates > Windows Components > Application Compatibility > Turn off Application Telemetry
    Enabled = Disable anonymous usage data collection from certain applications (already disabled if Customer Experience Improvement Program disabled)

    These are some other settings that aren't as significant, and probably aren't that useful since you can control them via GUI normally.

    OneDrive
    Code:
    Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage
    Enabled = OneDrive is disabled (no real effect if not using MS account)

    Sync
    Code:
    Computer Configuration > Administrative Templates > Windows Components > Sync your settings > Do not sync
    Enabled = Settings from Microsoft Account won't sync from server to computer (no real effect if not using MS account)

    Store
    Code:
    Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application
    Enabled = Store via Modern UI is unaccessible (no real effect if not using MS account or if UAC is disabled)

    I haven't messed around in Group Policy Editor too much in the past, but at quick glance, there does appear to be some interesting settings that can be adjusted.
     
  2. RolfLobker

    RolfLobker MDL Novice

    Nov 19, 2011
    2
    0
    0
    I can tell... all these settings are available in Windows 7 and 8 as well. Some also in XP. But nice effort though. Keep digging :)