10 Important Must Have Security Group Policies For Windows Systems

You all might be aware and using various security programs to maximize the security and integrity of data in your system. That security might be applicable to a system which is a part of a domain having many systems in a network or a single system at home.Data is very important to us so we cant take risks most of the times. The thing i wanted to tell is…why to spend time and money on some small security enhancement tools while we have some enhancements for security and performance built in our own Operating System itself ? True…we have many tools built in, Thanks to Microsoft that we are not aware of them. This week as a beginning i would like to bring forth the Group Policy editing tool and respective policies implemented in them to increase performance and security.

Restrict Multiple Users :

If multiple people are using your system and want to restrict few things…this is the tool for you.
Go to Start -> RUN -> Type ”gpedit.msc”. A group policy editor window is displayed.

This tool defines any new or default implemented local policies on your machine. As you can see, There are two important tabs..User configuration, computer configuration. Defining policies in user configurations affects the users and same for the computer configuration. Take your time to scroll down and check all of them…you are free to enable any option you want here. But i would recommend below policies to be implemented for optimal security and performance.

Cleaning Scripts :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to Computer Configuration -> Windows Settings -> Scripts.

This option comes in handy when you want to run and cleanup scripts or any other batch scripts at the system startup and shutdown. A very handy script for any system administrator working in corporate companies like me.

As per the screenshot, you can add any scripts in startup or shutdown category just by double clicking on startup/shutdown options on right side and click on “add” to point to script location.

Increase Your Internet Speed to 20% more :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to Computer Configuration -> Administrative Template -> Network -> QOS Packet Scheduler.

Under QOS Packet scheduler, on the right side, Double click on the value “Limit Reservable Bandwidth”. Click on enable and decrease the default value from 20% to 0. This change will clear off any reserved bandwidth set by windows to itself. By decreasing it to zero. You would gain 20% increase in internet speed.

Startup Scripts :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to User Configuration>Windows Settings>Scripts

Please note the difference between startup scripts and logon scripts. Startup scripts are run before the user logs on to the system so Startup scripts come first and then the logon/logoff scripts. The usage is same as startup/shutdown scripts.

Hide Your Control Panel :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to User Configuration -> Administrative Templates.

I don’t know about you all, but I don’t want my Control Panel to be populated with all the setting tabs that I don’t use. I pick the ones that I want and make the policy to display only them keeping other things hidden and secure from unauthorized access.  Option called Hide Specified control panel items/Show only specified control panel items perform the same action in displaying wanted/unwanted items in control panel. Just explore the setting and item you want and add it in the list and Whola…your control panel is now repopulated with selected items.

Personalization :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to User Configuration -> Administrative Templates -> Control Panel -> Personalization.

Want to restrict or define a default wallpaper or screensaver to all the users..This is the place…double click the desired option from right hand side menu and just point to the respective wallpaper or screensaver and only those will be applied and available to the system users.

Desktop :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to User Configuration -> Administrative Templates -> Control Panel -> Desktop

It takes the whole day and memory to explain about stuff in this category so i leave it to you people to explore and play around with the settings to know what happens. Because there are a lot of things that you can do in this tab like add/remove icons on your desktop, prohibit deletion of shortcuts from desktop and stuff like that.

System :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to User Configuration -> Administrative Templates -> Control Panel -> System

This is the most important tab of all…all the main settings are defined here and i recommend you to remember whatever you do here..Right hand side help/description menu helps you understand what that setting does and how it would affect the system.

Disable autorun to Stop Viruses :

Just go to Start -> RUN -> Type ”gpedit.msc” and navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> AutoPlay Policies

Now just double click on the Turn off Autoplay to open a window where you have to Enable it and click on apply and OK. So that when ever a virus enters your system, it cannot be autorun in your system. The safest way to stay away from autorun virus. All the programs will be stop being autorun, Like USB, CD’s, DVD’s and any other extra gadget will not autoplay on its own. You can also disable the AutoRun Commands. Just click on Default behavior for AutoRun and enable it and in options select as Do not execute any autorun commands.

Track Your Shutdown’s :

Some time we observe that suddenly our system shutdowns and we don’t know what exactly happened, we will lose unsaved data or docs and downloading files and etc. But you can still track your shutdowns to know what exactly happened last time when you have shutdown the system. You can also check and track all the shutdowns. Also we will be having a great chance to select our shutdown either planned or a unplanned shutdown and stop the sudden shutdowns.

With this policy you can track your shutdowns and also every time when you shutdown, you will be notified a option called Planned shutdown or other. So that the data can be saved and also to keep a track. You can see a image like this when you are shutting down your system.

Note that the settings shown above may change a bit in both Windows XP and Windows 7. So if you have found any difficulty just buzz me with a comment. If you ever do something you don’t remember and want a solution feel free to contact me via comments below. Understanding and implementing these settings using the group policy editor would surely increase the security and performance of the system. I got it worked on my PC…go on and try it and let me know what happened!!!! Have a Smart Monday.

Announcements :

Coolpctips is proud to announce its new category called Professional Monday’s. Here in this category the top MNC company professionals will give there valuable tips, tweets, hacks, skills, and also share there valuable information to our readers. The category will be taken care of our Technical head Subhash who is a experienced System Administrator in Windows and Servers currently working for Wipro.

·Computer Configuration>Windows Settings>Scripts

email
Comments(14)
  1. Arjun Singh May 30, 2011
  2. Rishiraj Sisodia May 30, 2011
  3. Nikhil Jaikumar May 30, 2011
    • subbuaxel May 31, 2011
  4. Rajesh Rajeshk May 30, 2011
    • subbuaxel May 30, 2011
  5. Srikanth Rao May 30, 2011
  6. Rohith May 30, 2011
  7. Satish May 31, 2011
  8. Srihari Rao May 31, 2011
  9. vedant May 31, 2011
  10. Isha Singh June 3, 2011
  11. Trilok June 8, 2011
  12. Inder July 19, 2012

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!