FreeKB - How to restrict access to the control panel using Group Policy
How to restrict access to the control panel using Group Policy
Home > Search > How-to

These steps restrict access to the control panel using Group Policy on an individual computer, but not through a domain controller. This is practical if you only have a few computers in the network.

  1. Open an MMC:
    • If using Windows 8 or above, right-click on the Windows Start icon, select run, type MMC, and press enter
    • If using Windows 7 or below, left-click on the Windows Start icon, select run, type MMC, and press enter
  2. Select File > Add/Remove snap-in
  3. In the list of Available snap-ins, select Group Policy Object Editor and select Add
  4. In the Welcome to the Group Policy Wizard pop-up box, select Browse
  5. Select the Users tab
  6. Highlight Administrator and select OK
  7. Select Finish
  8. Select OK
  9. Expand Local Computer\\Administrator Policy > User Configuration > Administrative Templates, and select Control Panel
  10. Double-click Prohibit access to Control Panel and PC settings
  11. In the Prohibit access to Control Panel and PC settings pop-up box, select Enabled
  12. Select OK

Now, Administrator accounts will be able to access the Control Panel, and non-Administrator accounts will not be allowed access to the Control Panel.

If you have a large number of computers in the network, this is impractical and would be better done on in Active Directory:

Create a new Group Policy Object (GPO):

  1. In Server Manager, select Tools > Group Policy Management
  2. In Group Policy Management, right-click on Group Policy Objects > New
  3. In the New GPO pop-up box, let's name the GPO ControlPanel and select OK

Configure the GPO to restrict access to the Control Panel:

  1. Right-click on the ControlPanel GPO and select Edit
  2. Expand User Configuration > Administrative Templates, and select Control Panel
  3. Right-click on Prohibit access to Control Panel and PC settings and select Edit
  4. In the Prohibit access to Control Panel and PC settings pop-up box, select Enabled and select OK

We can now apply this GPO to another object. For example, if we have a Sales OU, we could right-click on the Sales OU, select Link an Existing GPO, and select the ControlPanel GPO.

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments

FreeKB   |   2019   |   support@freekb.net