Favorite Group Policies

Last Updated: April 23, 2015

Common Security Hardening Policies

Path	Policy	Setting
Local Policies -> Security Options	Accounts: Guest account status	Disabled
Local Policies -> Security Options	Network access: Allow anonymous SID/Name translation	Disabled
Local Policies -> Security Options	Network security: Do not store LAN Manager hash value on next password change	Enabled
Local Policies -> Security Options	Network security: Force logoff when logon hours expire	Disabled
Local Policies -> Security Options	Accounts: Block Microsoft accounts	Users can't add Microsoft accounts
Network -> WLAN Service -> WLAN Settings	Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services	Disable
Windows Components -> Application Compatibility	Turn off Application Telemetry	Enabled
Windows Components -> Data Collection and Preview Builds	Allow Telemetry	1 - Basic
Windows Components -> Delivery Optimization	Download Mode	LAN

This is recommended as a measure to protect against some viruses.

Under Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules

New Path Rule

disallow-appdata

Instead of seeing "Please Wait" or "Loading Windows", it tells you what it's doing.

Under Computer Configuration > Policies > Administrative Templates > System Display highly detailed status messages - Set this to Enabled

Send to OneNote 2013, Microsoft XPS Document Writer, Fax are rarely use so I deleted them.

Under User Configuration > Preferences > Control Panel Settings > Printers > New Local Printer

delete-printers

This can be used for Chrome, Office 2013, Startisback, and more...

You must create the admx central store. Put these files in

\\domain\SYSVOL\domain\Policies\PolicyDefinitions

You should be able to see them under Administrative Templates now.