The reason to disable access to Control Panel on a Windows computer or server is to minimize the risk of exposing the computer's settings to anyone who uses it. Control Panel holds almost every configuration setting on the computer, such as User Accounts, System and Security, Programs and Features, etc. These are all settings that we don’t want somebody else to mess with. For that purpose, Windows provides a way to restrict Control Panel access. On a managed domain, administrators usually disable Control Panel access using Group Policy.
How to Disable Control Panel Access using Group Policy on Windows
In this article we demonstrate how to disable Control Panel access using Group Policy on Windows. The steps below are performed on Windows Server 2012 R2 as the Domain Controller and Windows 7 Ultimate as the target client computer whose Control Panel we want to disable. It is assumed that the client computer has already been joined to the domain.
A user named “Arranda Saputra” is logged on to the client PC and is the subject of the policy enforcement. In the domain, this user is located under an OU named “MustBeGeek”, and this is where we will link the policy.
Step by step:
1. Creating the Group Policy Object
In the Group Policy Management console, expand the forest and domain as usual, right-click Group Policy Objects and select “New”.
Give the policy object a name; in this example we name it “Block Control Panel”.
2. Editing the policy object
Once the policy object has been created, it will appear in the policy object list. Right-click that policy and select “Edit”.
In the policy editor window, the setting that we’re looking for is under User Configuration > Administrative Templates > Control Panel. Find the setting named “Prohibit access to Control Panel and PC settings”.
Double click the setting and then configure it as shown in the screenshot below.
Click OK to save the setting and close the editor window.
3. Applying the policy object
Find the target OU (in this example the target OU is “MustBeGeek”), right-click it and select “Link an Existing GPO”.
Select the “Block Control Panel” GPO and click OK. Verify that it now appears under the “MustBeGeek” OU.
4. Check the result on the client machine
As soon as the policy is applied, this is what will happen on the client machine when trying to open Control Panel.
The same prompt window will also appear when trying to modify a setting directly via its icon. For example, trying to modify the network settings by choosing “Open Network and Sharing Center” from the LAN icon on the taskbar will also result in the above prompt.
PS: The policy will be applied naturally, but remember that we can always force the policy to be applied right away by issuing the command gpupdate /force at the command prompt.
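Steps 1 to 3 above can also be scripted with the GroupPolicy PowerShell module, which makes the change repeatable and easy to verify. The following is an added example, not part of the original walkthrough. It assumes the setting is configured as Enabled, which corresponds to the user-side registry value NoControlPanel = 1, and it uses a placeholder domain DN (DC=example,DC=com) because the article does not give the domain name.

```powershell
# Added example: run on a domain controller or a host with the RSAT GroupPolicy module.
Import-Module GroupPolicy

$GpoName  = 'Block Control Panel'               # GPO name used in the article
$TargetOu = 'OU=MustBeGeek,DC=example,DC=com'   # ASSUMPTION: placeholder domain DN
$Key      = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Value    = 'NoControlPanel'                    # value written by "Prohibit access to Control Panel and PC settings"

# Step 1: create the GPO only if it does not exist yet, so the script is safe to re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Prohibit access to Control Panel and PC settings'
}

# Step 2: set the policy to Enabled (DWORD 1 under User Configuration).
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName $Value -Type DWord -Value 1 | Out-Null

# Step 3: link the GPO to the target OU unless a link already exists.
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $GpoName })) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Verification: confirm the stored value and the link state before relying on the policy.
$stored = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName $Value
$link   = (Get-GPInheritance -Target $TargetOu).GpoLinks |
          Where-Object { $_.DisplayName -eq $GpoName }

if ($stored.Value -ne 1)  { throw "Policy value is $($stored.Value), expected 1" }
if (-not $link.Enabled)   { throw "GPO link on $TargetOu is not enabled" }

# Show every GPO the OU receives, including inherited ones, in processing order.
(Get-GPInheritance -Target $TargetOu).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced |
    Format-Table -AutoSize
```

Review the final table for a higher-precedence GPO that sets the same value differently, since that would override this policy for users in the OU.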
Disabling Control Panel access means totally restricting the user from changing any computer settings, even the smallest one. The only way to open Control Panel or any of its configuration items is by logging in with another user account that is not affected by the policy. Remember that you can always check which policies are being applied to a user account by using the command gpresult /r in CMD.
The best practice is not to apply this GPO to Administrator or Domain Admin accounts. However, if you are sure that other users are not required to do anything on the control panel, then you can always disable control panel access using Group Policy on Windows.