All You Need to Know About Group Policy in Windows

When it comes to changing some advanced configurations in Windows, almost every tutorial you come across asks you to change one setting or the other in the Group Policy Editor. Though Group Policy doesn’t look as mysterious as Windows Registry with its messy keys and values, it can be a bit confusing. Please allow me to explain what the Group Policy is and how to use it.

What Is Group Policy?

Group Policy is a Microsoft Management Console snap-in and a centralized application that lets you change a variety of advanced settings related to the operating system, users, and different applications with just a few clicks.

In general, Group Policy Editor comes in two variants. The first one is the Centralized or Active Directory Group Policy, and the second one is Local Group Policy.

Active Directory Group Policy

The Active Directory Group Policy is mainly used by network administrators to control and configure computers in the same domain by modifying the policy objects. Not only can the system administrators change the advanced settings, but they can also enforce those changes via Group Policy. The policy enforcement makes sure that other users cannot change the settings without proper permissions.

For instance, by changing a single policy called “Disable Windows Installer,” a network administrator can block all the users on any computer in the same domain from installing or updating any software on Windows.

win10-group-policy-active-directory-group-policy

Local Group Policy

Local Group Policy is not that different from the Active Directory Group Policy. While the Active Directory Group Policy is used in professional environments like offices to control a network of computers, Local Group Policy is used to configure settings for users on the same computer.

win10-group-policy-local-group-policy

Of course, to make any changes to the Local Group Policy, you need to have administrator privileges. In case of Centralized or Active Directory Group Policy, you need to have network administrator privileges.

Considering how much control Group Policy gives a user, the feature is only intended to be used by professionals and power users. As such, it is only available for Pro and Enterprise users.

Categories in Local Group Policy Editor

When it comes to making changes to the Group Policy, most of us only ever use the Local Group Policy Editor. In general, Local Group Policy is divided into two major categories called Computer Configuration and User Configuration.

Computer Configuration: The policies in this category are applied to the entire computer regardless of the user. For instance, if you want to enforce a password strength policy for all users on the computer, you modify the relevant policy in this category.

User Configuration: The policies in this category are applied to users rather than the entire computer. Since the policies are applied to users rather than the computer, no matter what computer a user logs in to, the policies are automatically enforced by Windows.

win10-group-policy-categories

If you’ve ever browsed through these categories, you might have seen the same policies in both categories which can be configured independently. In case of any policy clash between computer configuration and user configuration categories, the computer configuration will override the user configuration.

Using Local Group Policy

Compared to Registry Editor, using Local Group Policy is easy and straightforward. Add to that that each policy has a detailed description of what it is and what happens when you disable or enable a policy.

To open Local Group Policy, search for “Edit Group Policy” in the Start menu or type gpedit.msc in the Run dialog box, and press the Enter button.

win10-group-policy-search-for-group-policy

Once the editor has been opened, you can browse through the categories and their folders on the left pane. On the right pane you will see the available policies. If you select the “Extended” tab, the editor will show the policy description on selection. To modify a policy, double-click on it.

win10-group-policy-cateogries-and-policies

This action will open the policy settings window. In this window you can see the policy description under the “Help” section. If the policy has any additional options, you will see them under the “Options” section.

To enable or disable a policy, just select either the “Enabled” or “Disabled” radio option, and click on the “OK” button. If you think you’ll forget why you changed a particular policy, you can write your own description in the Comments section.

To reset any policy to its default state, select the “Not configured” option.

win10-group-policy-settings

Conclusion

This is a very high-level overview of what Group Policy is and how to use it. There is so much more you can learn by digging through and using Group Policy from time to time. If you have anything to say regarding Group Policy, please comment below.

Active Directory Group Policy image credit: Microsoft

The Complete Windows 10 Customization Guide

The Complete Windows 10 Customization Guide

In this ebook we’ll be exploring the multitude of options to fully customize Windows 10. By the end of this ebook you’ll know how to make Windows 10 your own and become an expert Windows 10 user.

Get it now! More ebooks »

3 comments

  1. We’ve all heard how editing the Registry can lead to a disaster. Is there a situation where editing the Group Policy can lead to a similar disaster where the PC becomes unbootable?

    1. Unlike registry where you can accidentally misconfigure or delete keys and values, group policy is much more forgiving. This is because you cannot delete policies and group policy doesn’t allow configurations outside the provided options.

      1. Thanks, Vamsi.
        You always hit the nail on the head with your articles & replies.
        Dan

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.