Group Policy Manager

Disable Server Manager

Expand the Computer Configuration\Administrative Templates\System\Server Manager.

From the right side open the Don’t display Server Manamger automatically at Logon and select Enable.

Disable Firewall Settings

• Computer Configuration
  • Policies
    • Administrative Templates: Policy …
      • Network
        • Network COnnections
          • Windows Firewall
            • Domain Profile

Double-click the “Windows Firewall: Protect all network connections” object.

Disable IPV6 Settings

Computer Configuration > Policies > Administrative Templates > Network > IPv6

Disable USB Ports

Disable Cortana in Windows 10 Pro

Navigate to Computer Configuration > Administrative Templates > Windows Components > Search

Double click Allow Cortana > Set the setting to Disabled.

Enforce password complexity

GPO_name\Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy > Password Must Meet Complexity Requirements

Turn Off Consumer Experience Promotions

Computer Configuration > Administrative Templates > Windows Components > Cloud Content > Turn off Microsoft consumer experiences

Turn Off and Hide OneDrive

Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage

Run Scripts at Logon/Startup/Shutdown

To set up a startup/shutdown script:

Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

To set up a logon/logoff script:

User Configuration > Windows Settings > Scripts (Logon/Logoff)

Force proxy settings via group policy

Expand User configuration > Policies > WindowsSettings > Internet Explorer Maintenance > Connection

Under Proxy Settings, add the proxy information

For security reasons, administrators may want to prevent end users from changing their proxy settings.

Expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel

Disable the Connections page. This will be enabled by default.

Disable SMBv1 Client and Server

Computer Configuration > Preferences > Windows Settings and right-click Registry. Select New > Registry Item from the menu and then add the required key path and value. Make sure that the Action field is set to Update.

1. create a REG_DWORD value called SMB1 and set its value to 0 > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
2. To disable SMBv1 client, create two registry values
   • The first is a REG_DWORD value called Start, which should be set to 4 > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10
   • The second is REG_MULTI_SZ value called DependOnService, which should be set to “Bowser”,”MRxSmb20?,”NSI” > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation

Disable Guest Account and Local Administrator Accounts

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Set both Accounts: Guest account status and Accounts: Administrator account status to Disabled.

Extra Link

RSS Source: https://www.blog.anupchhetri.com/?p=2342