Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
A lot of people are unhappy with how Microsoft is handling Windows 10, so despite all of the surprisingly great reasons to upgrade, many are fighting tooth and nail to avoid upgrading at any cost.
The biggest complaint? Loss of control. Sure, there are some quick and useful hacks that you can try, but these just aren’t enough. Microsoft has taken away too many options.
One way around all of this is to use the Group Policy feature. If you’ve never heard of it before, don’t worry. It may be powerful, but it’s simple to understand. Keep reading to find out how you can start taking advantage of it now.
What Is Windows Group Policy?
Group Policy provides a centralized way to manage and configure all kinds of settings across all computers on a given Active Directory network. The settings are maintained by a domain controller and individual computers can’t override those settings.
However, computers that aren’t on an Active Directory network can still have their settings tweaked locally using the Local Group Policy.
Think of it like Control Panel, except a hundred times more powerful. With Group Policy, you can restrict access to parts of the system, force a certain home page for all users, and even run certain scripts whenever a computer starts up or shuts down.
In actuality, most of these changes to settings are little more than tweaks to the Windows Registry. It’s just that the Group Policy Editor provides an easy-to-use interface for managing all of those tweaks without having to manually scour the registry.
The one downside is that — natively (more on alternatives below) — Group Policy is only available to computers running Professional, Enterprise, or Education editions of Windows. If you’re on Windows Home, this feature alone may convince you to upgrade to Windows Pro.
Thinking about it? Check out our step-by-step guide that has everything you need to know about upgrading from Home to Pro.
Accessing the Group Policy Editor
Accessing the Group Policy Editor is easier than you think, especially on Windows 10. As with most things in Windows, there are multiple ways to access it. Here’s the fastest way, which is the method I prefer:
- Open the Start Menu.
- Search for Edit group policy.
- Launch it!
I know I said earlier that Group Policy isn’t available on Home editions of Windows, but there is a workaround you can try if you don’t want to pay for an upgrade. It involves some basic system tweaks and the installation of a third-party Group Policy Editor.
If you’re interested, check out our step-by-step guide to installing the Group Policy Editor on Windows Home.
Useful Group Policy Tips and Tricks
The Group Policy Editor allows you to change thousands of different options, preferences, and settings, so it would be impossible to cram all of them into this single article.
It’s probably best if you DON’T experiment with the Group Police Editor. One bad tweak could render your system inoperable. However, here are several safe tweaks that you may want to implement right away.
1. Restrict Access to Control Panel
Control Panel restrictions are integral for business networks and school environments, but they can also be useful in the home for computers shared between multiple users when you want master control over everything.
To completely block the Control Panel altogether:
User Configuration > Administrative Templates > Control Panel > Prohibit access to Control Panel and PC Settings
But if you want semi-access to only certain parts of the Control Panel, you can set that up too using one of the two following settings:
User Configuration > Administrative Templates > Control Panel > Hide specified Control Panel items
User Configuration > Administrative Templates > Control Panel > Show only specified Control Panel Item
Enable them and you’ll be able to indicate which Control Panel Applets you want to show or hide by using the canonical names provided by Microsoft.
2. Restrict Access to Command Prompt
Despite how useful the Command Prompt can be, it can also be a nuisance in the wrong hands, allowing users to run undesirable commands and circumventing other restrictions you might have in place. As such, you should probably disable it.
To disable the Command Prompt:
User Configuration > Administrative Templates > System > Prevent access to the command prompt
Note that enabling this restriction means that cmd.exe can’t be run at all — even during the execution of batch files in either .cmd or .bat formats.
3. Prevent Software Installations
There are many ways to block users from installing new software, which can help reduce the amount of cleaning and maintenance you need to do when careless users on the network inevitably install something bad.
To prevent software installations using Group Policy:
Computer Configurations > Administrative Templates > Windows Components > Windows Installer > Turn off Windows Installer
4. Prevent or Delay Windows Update
Forced updates are a highly controversial Windows 10 feature, but only you can decide how you feel about it and whether to disable them or not.
If you have Group Policy, then you also have the ability to defer big updates and upgrades for up to one year or pause them altogether:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Upgrades and Updates
Deferments can be indicated using months and weeks. Or you can select the checkbox labeled “Pause Upgrades and Updates”, which will turn them off until the next big update rolls around.
5. Disable Forced Restarts
Assuming you’ve kept Windows Update enabled, one huge annoyance that you’ve probably run into more than once is the fact that Windows pesters you to reboot after updating. You can postpone up to a point, but eventually it’s out of your hands.
To disable these forced restarts:
Computer Configuration > Administrator Templates > Windows Components > Windows Update > No auto-restart with logged on users for scheduled automatic update installations
Once the setting is enabled, you’ll have to reboot your system (funny, I know) or you can just launch an elevated Command Prompt and run the following command:
This forces any changes made to your Group Policy to take effect.
6. Disable Automatic Driver Updates
Here’s yet another automated feature that Windows will run without your explicit knowledge or permission: driver updates. In theory, this is quite useful as it aims to keep your system as up-to-date as possible.
But what if you’re running a custom driver? Or what if the latest driver for a certain hardware component has a bug that causes your particular system to crash? These are times when automatic driver updates can frustrate you to no end.
To disable automatic driver updates:
Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions > Prevent installation of devices that match any of these device IDs
For this to work, you’ll have to provide hardware IDs for the devices you don’t want automatic driver updates for. You can get these through the Device Manager, which you can do using these step-by-step instructions.
If you ever experience system instability or other issues due to a driver update, use the built-in Windows feature for driver rollbacks. It’s a good feature to know because one day it will save you a TON of headaches.
7. Disable Removable Media Drives
Are you the kind of person who would find a random USB drive on the ground, take it home, and plug it in to see what was on it? Probably not, but I’m sure you know someone who would do that!
The bad news is that randomly-found USB drives can be dangerous, which is why you might want to disable them altogether — especially in a business office setting. One malware-infected USB drive could bring down the whole network.
To disable removable media drives:
User Configuration > Administrative Templates > System > Removable Storage Access > Removable Disks: Deny read access
You’ll also see options for things like CDs, DVDs, WPD devices, and even floppy drives. Feel free to disable all of these as well, but USB drives are the main concern.
8. Turn Off Consumer Experience Promotions
It’s well known that Microsoft is collecting data from you, but until recently it was mostly for usability improvements and other practical benefits. With Windows 10, things went one step further with the Microsoft Consumer Experience.
Long story short, the Consumer Experience delivers personalized recommendations and notifications to you based on the data that Microsoft collects. The next time you see an ad in your Start Menu, this is why.
To disable the Consumer Experience:
Computer Configuration > Administrative Templates > Windows Components > Cloud Content > Turn off Microsoft consumer experiences
9. Turn Off Balloon and Toast Notifications
Desktop notifications can be handy, but only when they have something useful to say. Unfortunately, most of the notifications shown by Windows aren’t worth reading, and at worst can distract you and break concentration.
Here’s how to disable balloon notifications:
User Configuration > Administrative Templates > Start Menu and Taskbar > Turn off all balloon notifications
But starting with Windows 8, most system notifications switched over to toast notifications, so you might want to disable them instead:
User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications > Turn off toast notifications
Either way, this is an easy way to kiss those distractions goodbye.
10. Turn Off and Hide OneDrive
Yet another way in which Microsoft tries to force people down a certain path is the persistent pushing of users towards OneDrive. It’s baked into the operating system and you can’t disable it without Group Policy or the Registry Editor.
Disable OneDrive by enabling this:
Computer Configuration > Administrative Templates > Windows Components > OneDrive > Prevent the usage of OneDrive for file storage
This will remove the ability to access OneDrive from anywhere on the system, and it will remove the OneDrive shortcut in the sidebar of File Explorer. If it doesn’t work, try the alternative method for disabling OneDrive.
11. Turn Off Windows Defender
In Windows 10 Home, the only way to disable Windows Defender is to install a compatible third-party security suite. In editions of Windows 10 that support Group Policy, however, you can disable it without installing anything else.
To disable Windows Defender for good:
Computer Configuration > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender
That being said, we still recommend that you use a free security suite to maximize your protection against malware, viruses, etc. If not, at least install a one-time malware scanner that you can run monthly.
12. Run Scripts at Logon/Startup/Shutdown
This last tip is a bit more advanced and probably won’t be useful unless you’re comfortable with batch files and/or writing PowerShell scripts. But if you are, then you can actually run said scripts automatically.
To set up a startup/shutdown script:
Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)
To set up a logon/logoff script:
User Configuration > Windows Settings > Scripts (Logon/Logoff)
Doing this lets you select the actual script files and provide parameters for those scripts, so it’s pretty flexible in terms of what you can do. And, of course, you can assign multiple scripts to each trigger event.
Note that this isn’t the same as launching a specific program on startup. If you want to do that, then you’ll need to use this nifty Windows trick that few know about.
Take Back Control of Your Windows PC
If you feel beaten by Windows 10, don’t be. As we’ve shown, there’s a LOT you can control under the hood as long as you have access to the Group Policy feature. Is it enough of a reason to upgrade to Windows 10 Pro? We think so.
How do you use Group Policy to your benefit? Any other nifty tricks we missed? Is it worth upgrading just to get Group Policy? Let us know in a comment below!