Group Policy Manager
Disable Server Manager
Expand the Computer Configuration\Administrative Templates\System\Server Manager.
From the right side open the Don’t display Server Manamger automatically at Logon and select Enable.
Disable Firewall Settings
- Computer Configuration
- Policies
- Administrative Templates: Policy …
- Network
- Network COnnections
- Windows Firewall
- Domain Profile
- Windows Firewall
- Network COnnections
- Network
- Administrative Templates: Policy …
- Policies
Double-click the “Windows Firewall: Protect all network connections” object.
Disable IPV6 Settings
Computer Configuration > Policies > Administrative Templates > Network > IPv6
Disable USB Ports

Disable Cortana in Windows 10 Pro
Navigate to Computer Configuration > Administrative Templates > Windows Components > Search
Double click Allow Cortana > Set the setting to Disabled.
Enforce password complexity
GPO_name\Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy
> Password Must Meet Complexity Requirements
Turn Off Consumer Experience Promotions
Computer Configuration > Administrative Templates > Windows Components > Cloud Content > Turn off Microsoft consumer experiences
Turn Off and Hide OneDrive
Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage
Run Scripts at Logon/Startup/Shutdown
To set up a startup/shutdown script:
Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)
To set up a logon/logoff script:
User Configuration > Windows Settings > Scripts (Logon/Logoff)
Force proxy settings via group policy
Expand User configuration > Policies > WindowsSettings > Internet Explorer Maintenance > Connection
Under Proxy Settings, add the proxy information
For security reasons, administrators may want to prevent end users from changing their proxy settings.
Expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel
Disable the Connections page. This will be enabled by default.
Disable SMBv1 Client and Server
Computer Configuration > Preferences > Windows Settings and right-click Registry. Select New > Registry Item from the menu and then add the required key path and value. Make sure that the Action field is set to Update.
- create a REG_DWORD value called SMB1 and set its value to 0 > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- To disable SMBv1 client, create two registry values
- The first is a REG_DWORD value called Start, which should be set to 4 > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10
- The second is REG_MULTI_SZ value called DependOnService, which should be set to “Bowser”,”MRxSmb20?,”NSI” > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
Disable Guest Account and Local Administrator Accounts
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
Set both Accounts: Guest account status and Accounts: Administrator account status to Disabled.
Extra Link
RSS Source: https://www.blog.anupchhetri.com/?p=2342
Recent Comments