Group Policy Editor Guide to Features and Access Options

Group Policy Editor is an extremely powerful tool that is vital for administrative tasks, and with the help of this tool, users can configure necessary settings. For instance, with this editor, it is possible to determine what changes can be made by a regular user in terms of settings/apps, configure password requirements, and more.

From the perspective of the security risks, these settings (or shortly GPOs) can be used by hackers to switch off antivirus. Also, the administrators need these settings to work with the locked-out users.

In the guide, we will mainly focus on Windows version 10, but this information about Group Policy Editor will be also applicable to versions 7, 8, Server 2003, and even others. Here, we will discuss major features and access options.  

5 Ways to Access Group Policy Editor in Windows 10

Now, let’s proceed to the actual methods of accessing the group policy editor.

Method 1: Use the Run Dialog Box

-        Start with a search in the toolbar and select Run in case you see it or type it there.

-        After that in the run command you should insert ‘gpedit.msc’ and then press OK.

Method 2: Search for Local Group Policy Editor

-        Start with opening search in the toolbar.

-        The next step I entering ‘gpedit’ and pressing ‘Edit Group Policy’.

Method 3: Access via Command Prompt

-        While in the command prompt, you should enter ‘gpedit.msc’ and after that press ‘enter’.

Method 4: Launch Through PowerShell

-        When in the PowerShell, you should use the same ‘gpedit’ and after that press ‘Enter’.

-        In case, there is a necessity, you can also make some necessary changes in the Local GPOs via the PowerShell.

Method 5: Navigate Using the Start Menu and Control Panel

-        Enter the control panel via the start menu.

-        Press the Windows icon, and select widget icon.

-        Type ‘gpedit’ or ‘group policy’ and select ‘Edit Group Policy’.

Features and Capabilities of the Group Policy Editor

The capabilities and features of the Group Policy Editor are enormous, you can do quite a lot with this powerful tool. For instance, you could disable some services or simply choose a desktop wallpaper from there. Also, the version of the network protocol is controlled from there. To improve the security of the system, IT departments can use Group Policy Editor to set everything up, here are a couple of examples that can be done:

-        Disabling such devices as DVD/USD drives.

-        Restricting the access to gpedit so that regular users won’t impact the settings.

-        Setting some limitations for access/installed apps on the corporate machines.

-        Choose specific corporate wallpapers and turn off the regular user’s ability to modify them.

-        Disable network protocols so that users have access to more secure ones.

As you see, Group Policies are important for security settings, and here were mentioned only a couple of examples of how everything can be organized. There are way more practical scenarios for the environment hardening.

Key Components of the Group Policy Editor

When you enter Group Policy Editor, you will see a window that is divided into 2 parts. The left one includes all the possible items relating to computer configuration and user configurations. For instance, there are Admin templates, software settings, windows settings, and much more. By clicking on the specific category, a detailed tree will open so you can press on any and you will get some details on the right part of the window.

To change specific settings, you should only double-click on the item you want and enable/disable. Also, in this window, you can review the help description, check on what Windows versions this setting is supported, and more. There are hundreds of various options, you can select from so check Group Policy.

Breakdown of Local Group Policy Editor Components

-        User config. These groups of settings relate to the local machine only specifically to the current users and future ones as well.

-        Computer config. These settings relate to the local machine and are not influenced per user.

These are 2 major categories which are then divided into other categories such as software settings, windows settings, and admin templates.

Steps to Configure Security Policies via Local Group Policy Editor

Prior to making any specific changes, you would rather decide what GPOs you want to modify. After that, the process is rather straightforward.

Here we will guide you through the simple password setting:

1. In the Group Policy Editor, in the computer config section select Windows settings, then press Account setting, and password policy.
2. Choose “password must meet complexity…”.
3. After that select “enable” and then apply the changes.

Administering Group Policies Using PowerShell

For the management of group policies, most admins are using PowerShell commands such as the following:

-       Invoke-GPUpdate: this command is crucial for the refreshing GPOs. The benefit is that you can schedule updates at a specific time frame on the remote machine. Also, you can write a script for pushing several refreshes if there is such a necessity.

-       New-GPO: this command is needed for the creation of an unassigned GPO. That means you can specify the owner, name, domain, and other necessary parameters.

-       Get-GPResultantSetOfPolicy: this command returns RsoP for a machine or user or even both so that a file is created with the necessary results. With the usage of this XML file, you can determine some issues with GPOs. The policy might be overwritten by another GPO so in such a way you can specify the real value assigned to the machine/user.

-        Get-GPOReport: to deal with the troubleshooting, this command can be really useful because it displays all GPOs in the domain.

Drawbacks and Limitations of the Group Policy Editor

Group Policy Editor is a rather simple tool, but at the same time, it can help with the diversity of security settings. The GPO updates happen at some intervals on the machines in the network. That’s why, it is hard to determine when all the machines on the network will receive updates.

One of the obvious drawbacks of the local group policies is that hackers can use this tool and enable all the protection mechanisms. Also, the tool doesn’t have any built-in auditing, which means that you should make them independently and that can take some time.