The previous article already discussed about completely disable control panel access on a managed Windows computer to harden the security of computer settings. However, this restriction could give bad experience to the end users. Sometimes access to control panel is required for troubleshooting basic problems, but users wonâ€™t be able to do that without access to control panel. So, instead of completely disable control panel, administrator can just hide control panel items using Group Policy to limit what users can configure in control panel.
How to Hide Control Panel Items using Group Policy
There are two approach to secure control panel with this concept:
- Hide specified Control Panel items : this settings by default will show all control panel items except those the administrator choose to hide. This setting has higher precedence then the other setting that will be explained later, which means if both are configured at the same time, this setting will override the other one.
- Show only specified Control Panel items : this setting is more restrictive compared to the previous one, but still more permissive than completely disable control panel. By default this setting will hide all control panel items except those the administrator choose to show.
The example below will show how to hide some control panel items which are the on a client PC running Windows 10, joined to a domain named asaputra.com where the domain controller is running Windows Server 2012 R2. The chosen items to hide are â€œHomeGroupâ€ and â€œInternet Optionsâ€ which can be found in control panel under â€œNetwork and Internetâ€ section.
1. Create a new GPO or edit an existing one
In this example, a new GPO named â€œGlobal Securityâ€ is created.
2. Find the setting to hide/show specified control panel items
Open up the editor window and go to User Configuration > Policy > Administrative Templates > Control Panel. Both configuration to hide or show specified control panel items are shown here.
3. Enable the setting to hide/show specified control panel items
The setting that fits the goal of this scenario is Hide specified Control Panel items. Select the setting and change the options to â€œEnabledâ€, then click on â€œShowâ€ button as pointed out in the picture below,
4. Specify the items to be hidden/shown
Write the canonical name of the items to be hidden. You can refer to this canonical name guidance from Microsoft.
5. Verify result on the client computer
Apply the GPO to a user OU and watch it takes effect on the client computer as soon as group policy refreshed.
You can repeat the steps above by specifying the canonical name of other control panel items that you want to hide or show. With this way, administrator can hide control panel items that the user shouldn’t mess with, but still showing items that are useful or frequently needs to be changed.
Just remember that the â€œShow specified Control Panel itemsâ€ setting has higher priority than â€œHide specified Control Panel itemsâ€ setting. The setting takes effect as soon as Group Policy refreshed on the client machine. This happens periodically but you can force it to be refreshed right away by using command gpupdate /force.
And thatâ€™s how to hide control panel items using Group Policy.
You may also like -
Latest posts by Arranda Saputra (see all)
- How to move OneDrive Folder to a Different Location - October 15, 2019
- Enable Event Logging in Windows DNS Server - June 29, 2019
- Your Current Security Settings do not Allow this File to be Downloaded - June 18, 2019