When it comes to changing some advanced configurations in Windows, almost every tutorial you come across asks you to change one setting or the other in the Group Policy Editor. Though Group Policy doesn’t look as mysterious as Windows Registry with its messy keys and values, it can be a bit confusing. Please allow me to explain what the Group Policy is and how to use it.
What Is Group Policy?
Group Policy is a Microsoft Management Console snap-in and a centralized application that lets you change a variety of advanced settings related to the operating system, users, and different applications with just a few clicks.
In general, Group Policy Editor comes in two variants. The first one is the Centralized or Active Directory Group Policy, and the second one is Local Group Policy.
Active Directory Group Policy
The Active Directory Group Policy is mainly used by network administrators to control and configure computers in the same domain by modifying the policy objects. Not only can the system administrators change the advanced settings, but they can also enforce those changes via Group Policy. The policy enforcement makes sure that other users cannot change the settings without proper permissions.
For instance, by changing a single policy called “Disable Windows Installer,” a network administrator can block all the users on any computer in the same domain from installing or updating any software on Windows.
Local Group Policy
Local Group Policy is not that different from the Active Directory Group Policy. While the Active Directory Group Policy is used in professional environments like offices to control a network of computers, Local Group Policy is used to configure settings for users on the same computer.
Of course, to make any changes to the Local Group Policy, you need to have administrator privileges. In case of Centralized or Active Directory Group Policy, you need to have network administrator privileges.
Considering how much control Group Policy gives a user, the feature is only intended to be used by professionals and power users. As such, it is only available for Pro and Enterprise users.
Categories in Local Group Policy Editor
When it comes to making changes to the Group Policy, most of us only ever use the Local Group Policy Editor. In general, Local Group Policy is divided into two major categories called Computer Configuration and User Configuration.
Computer Configuration: The policies in this category are applied to the entire computer regardless of the user. For instance, if you want to enforce a password strength policy for all users on the computer, you modify the relevant policy in this category.
User Configuration: The policies in this category are applied to users rather than the entire computer. Since the policies are applied to users rather than the computer, no matter what computer a user logs in to, the policies are automatically enforced by Windows.
If you’ve ever browsed through these categories, you might have seen the same policies in both categories which can be configured independently. In case of any policy clash between computer configuration and user configuration categories, the computer configuration will override the user configuration.
Using Local Group Policy
Compared to Registry Editor, using Local Group Policy is easy and straightforward. Add to that that each policy has a detailed description of what it is and what happens when you disable or enable a policy.
To open Local Group Policy, search for “Edit Group Policy” in the Start menu or type
gpedit.msc in the Run dialog box, and press the Enter button.
Once the editor has been opened, you can browse through the categories and their folders on the left pane. On the right pane you will see the available policies. If you select the “Extended” tab, the editor will show the policy description on selection. To modify a policy, double-click on it.
This action will open the policy settings window. In this window you can see the policy description under the “Help” section. If the policy has any additional options, you will see them under the “Options” section.
To enable or disable a policy, just select either the “Enabled” or “Disabled” radio option, and click on the “OK” button. If you think you’ll forget why you changed a particular policy, you can write your own description in the Comments section.
To reset any policy to its default state, select the “Not configured” option.
This is a very high-level overview of what Group Policy is and how to use it. There is so much more you can learn by digging through and using Group Policy from time to time. If you have anything to say regarding Group Policy, please comment below.
Active Directory Group Policy image credit: Microsoft