Build a ThinBased-PC with Windows 7/8

By On In Group Policies
LinkedIn0
Google+0
Pinterest0

Thin Clients are often used (lower costs) is currently not the case anymore in many cases. Using a traditional workstation for connecting to a SBC/VDI infrastructure is getting more and more logical, although the users is working on Full Desktop where all applications are running in the data center.

The most important step is to lock-down the workstation. It depends on requirements and wishes of the organization/customer how many settings should be removed out of the user interface.There are scenarios where you would like to remove as much as possible, but also offering some applications or configuration settings are pretty logical. Think again of adjust screen resolution, keyboard/mouse settings and regional settings.

While there are both very good third parties as freeware products available to use a standard workstation as a Thin Client you can do it also using default Microsoft technologies, when there is no budget or freeware is not allowed in the company. With the article I would like to show you an example configuration to change your workstation to ThinBasedPC with group policy only.

 

Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
NL_GPO_MGT_ThinbasedPC
Data collected on: 7/8/2014 11:46:35 AM
General
Details
Domain Raylin.local
Owner raylin\Domain Admins
Created 6/19/2014 11:38:14 AM
Modified 7/8/2014 11:17:52 AM
User Revisions 141 (AD), 141 (sysvol)
Computer Revisions 244 (AD), 244 (sysvol)
Unique ID {CDAAEC72-0CDF-4A24-A1FE-2F71FB694E23}
GPO Status Enabled
Links
Location Enforced Link Status Path
ThinBasedPC No Enabled raylin.local/Computers/ThinBasedPC

This list only includes links in the domain of the GPO.

Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
raylin\Domain Admins Edit settings, delete, modify security No
raylin\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Public Key Policies/Trusted Root Certification Authorities
Properties
Policy Setting
Allow users to select new root certification authorities (CAs) to trust Enabled
Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only
Windows Firewall with Advanced Security
Global Settings
Policy Setting
Policy version Not Configured
Disable stateful FTP Not Configured
Disable stateful PPTP Not Configured
IPsec exempt Not Configured
IPsec through NAT Not Configured
Preshared key encoding Not Configured
SA idle time Not Configured
Strong CRL check Not Configured
Domain Profile Settings
Policy Setting
Firewall state Off
Inbound connections Not Configured
Outbound connections Not Configured
Apply local firewall rules Not Configured
Apply local connection security rules Not Configured
Display notifications Not Configured
Allow unicast responses Not Configured
Log dropped packets Not Configured
Log successful connections Not Configured
Log file path Not Configured
Log file maximum size (KB) Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Regional and Language Options
Policy Setting Comment
Force selected system UI language to overwrite the user UI language Enabled
Restricts the UI language Windows uses for all logged users Enabled
Restrict users to the following language: Dutch
Control Panel/User Accounts
Policy Setting Comment
Apply the default account picture to all users Enabled
Network/Background Intelligent Transfer Service (BITS)
Policy Setting Comment
Allow BITS Peercaching Disabled
Do not allow the computer to act as a BITS Peercaching client Enabled
Do not allow the computer to act as a BITS Peercaching server Enabled
Network/Network Connections
Policy Setting Comment
Prohibit use of Internet Connection Firewall on your DNS domain network Enabled
Prohibit use of Internet Connection Sharing on your DNS domain network Enabled
Network/Network Connections/Windows Firewall/Domain Profile
Policy Setting Comment
Windows Firewall: Protect all network connections Disabled
Network/Offline Files
Policy Setting Comment
Prevent use of Offline Files folder Enabled
Prohibit user configuration of Offline Files Enabled
Prevents users from changing any cache configuration settings.
Policy Setting Comment
Remove “Make Available Offline” command Enabled
Turn off reminder balloons Enabled
Network/Windows Connect Now
Policy Setting Comment
Prohibit access of the Windows Connect Now wizards Enabled
Printers
Policy Setting Comment
Always render print jobs on the server Enabled
Disallow installation of printers using kernel-mode drivers Enabled
Execute print drivers in isolated processes Enabled
Point and Print Restrictions Enabled
Users can only point and print to these servers: Enabled
Enter fully qualified server names separated by semicolons localhost
Users can only point and print to machines in their forest Disabled
Security Prompts:
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and later
System/Device Installation
Policy Setting Comment
Do not send a Windows error report when a generic driver is installed on a device Enabled
Prevent Windows from sending an error report when a device driver requests additional software during installation Enabled
Turn off “Found New Hardware” balloons during device installation Enabled
System/Filesystem/NTFS
Policy Setting Comment
Do not allow compression on all NTFS volumes Enabled
Do not allow encryption on all NTFS volumes Enabled
System/Group Policy
Policy Setting Comment
Configure user Group Policy loopback processing mode Enabled
Mode: Replace
System/Internet Communication Management
Policy Setting Comment
Restrict Internet communication Enabled
System/Internet Communication Management/Internet Communication settings
Policy Setting Comment
Turn off access to all Windows Update features Enabled
Turn off access to the Store Enabled
Turn off Automatic Root Certificates Update Enabled
Turn off downloading of print drivers over HTTP Enabled
Turn off Event Viewer “Events.asp” links Enabled
Turn off handwriting personalization data sharing Enabled
Turn off handwriting recognition error reporting Enabled
Turn off Help and Support Center “Did you know?” content Enabled
Turn off Help and Support Center Microsoft Knowledge Base search Enabled
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com Enabled
Turn off Internet download for Web publishing and online ordering wizards Enabled
Turn off Internet File Association service Enabled
Turn off printing over HTTP Enabled
Turn off Registration if URL connection is referring to Microsoft.com Enabled
Turn off Search Companion content file updates Enabled
Turn off the “Order Prints” picture task Enabled
Turn off the “Publish to Web” task for files and folders Enabled
Turn off the Windows Messenger Customer Experience Improvement Program Enabled
Turn off Windows Customer Experience Improvement Program Enabled
Turn off Windows Error Reporting Enabled
Turn off Windows Network Connectivity Status Indicator active tests Enabled
Turn off Windows Update device driver searching Enabled
System/Locale Services
Policy Setting Comment
Disallow changing of geographic location Enabled
System/Logon
Policy Setting Comment
Assign a default domain for logon Enabled
Default Logon domain: raylin.locall
Enter the name of the domain
Policy Setting Comment
Do not display the Getting Started welcome screen at logon Enabled
Hide entry points for Fast User Switching Enabled
Run these programs at user logon Enabled
Items to run at logon
iexplore.exe -K
Policy Setting Comment
Turn off Windows Startup sound Enabled
System/Power Management/Button Settings
Policy Setting Comment
Select the Power button action (on battery) Enabled
Power Button Action Shut down
Policy Setting Comment
Select the Power button action (plugged in) Enabled
Power Button Action Shut down
System/Power Management/Hard Disk Settings
Policy Setting Comment
Turn Off the hard disk (plugged in) Enabled
Turn Off the Hard Disk (seconds): 7200
System/Power Management/Sleep Settings
Policy Setting Comment
Allow applications to prevent automatic sleep (on battery) Disabled
Allow applications to prevent automatic sleep (plugged in) Disabled
Allow automatic sleep with Open Network Files (on battery) Disabled
Allow automatic sleep with Open Network Files (plugged in) Disabled
Allow standby states (S1-S3) when sleeping (on battery) Disabled
Allow standby states (S1-S3) when sleeping (plugged in) Disabled
Require a password when a computer wakes (on battery) Disabled
Require a password when a computer wakes (plugged in) Enabled
Specify the system hibernate timeout (on battery) Disabled
Specify the system hibernate timeout (plugged in) Disabled
Specify the system sleep timeout (on battery) Disabled
Specify the system sleep timeout (plugged in) Disabled
Specify the unattended sleep timeout (on battery) Disabled
Specify the unattended sleep timeout (plugged in) Disabled
Turn off hybrid sleep (on battery) Enabled
Turn off hybrid sleep (plugged in) Enabled
Turn on the ability for applications to prevent sleep transitions (on battery) Disabled
Turn on the ability for applications to prevent sleep transitions (plugged in) Disabled
System/Power Management/Video and Display Settings
Policy Setting Comment
Turn off the display (plugged in) Enabled
Turn Off the Display (seconds): 3600
System/Remote Assistance
Policy Setting Comment
Configure Offer Remote Assistance Disabled
Configure Solicited Remote Assistance Disabled
System/User Profiles
Policy Setting Comment
Add the Administrators security group to roaming user profiles Enabled
Delete cached copies of roaming profiles Enabled
Do not log users on with temporary profiles Enabled
Only allow local user profiles Enabled
Wait for remote user profile Enabled
Windows Components/Application Compatibility
Policy Setting Comment
Prevent access to 16-bit applications Enabled
Windows Components/AutoPlay Policies
Policy Setting Comment
Turn off Autoplay Enabled
Turn off Autoplay on: All drives
Windows Components/Desktop Gadgets
Policy Setting Comment
Turn off desktop gadgets Enabled
Windows Components/Desktop Window Manager
Policy Setting Comment
Do not allow Flip3D invocation Enabled
Do not allow window animations Enabled
Windows Components/Game Explorer
Policy Setting Comment
Turn off downloading of game information Enabled
Turn off game updates Enabled
Turn off tracking of last play time of games in the Games folder Enabled
Windows Components/HomeGroup
Policy Setting Comment
Prevent the computer from joining a homegroup Enabled
Windows Components/Internet Explorer
Policy Setting Comment
Disable Automatic Install of Internet Explorer components Enabled
Disable changing Automatic Configuration settings Enabled
Disable changing connection settings Enabled
Disable Periodic Check for Internet Explorer software updates Enabled
Disable showing the splash screen Enabled
Do not allow users to enable or disable add-ons Enabled
Enforce full-screen mode Enabled
Prevent access to Internet Explorer Help Enabled
Prevent bypassing SmartScreen Filter warnings Enabled
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet Enabled
Prevent changing proxy settings Enabled
Prevent changing the default search provider Enabled
Prevent Internet Explorer Search box from appearing Enabled
Prevent managing pop-up exception list Enabled
Prevent managing SmartScreen Filter Enabled
Select SmartScreen Filter mode Off
Policy Setting Comment
Prevent managing the phishing filter Enabled
Select phishing filter mode Off
Policy Setting Comment
Prevent participation in the Customer Experience Improvement Program Enabled
Prevent running First Run wizard Enabled
Select your choice Go directly to home page
Policy Setting Comment
Security Zones: Do not allow users to add/delete sites Enabled
Security Zones: Do not allow users to change policies Enabled
Turn off ability to pin sites in Internet Explorer on the desktop Enabled
Turn off Automatic Crash Recovery Enabled
Turn off Crash Detection Enabled
Turn off Favorites bar Enabled
Turn off Managing SmartScreen Filter for Internet Explorer 8 Enabled
Select SmartScreen Filter mode for Internet Explorer 8 Off
Policy Setting Comment
Turn off page-zooming functionality Enabled
Turn off pop-up management Enabled
Turn off Quick Tabs functionality Enabled
Turn off Reopen Last Browsing Session Enabled
Turn off tabbed browsing Enabled
Turn off the quick pick menu Enabled
Turn off the Security Settings Check feature Enabled
Windows Components/Internet Explorer/Accelerators
Policy Setting Comment
Turn off Accelerators Enabled
Windows Components/Internet Explorer/Browser menus
Policy Setting Comment
Turn off Print Menu Enabled
Windows Components/Internet Explorer/Compatibility View
Policy Setting Comment
Use Policy List of Internet Explorer 7 sites Enabled
List of sites
raylin.nl
raylin.local
Windows Components/Internet Explorer/Delete Browsing History
Policy Setting Comment
Allow deleting browsing history on exit Enabled
Windows Components/Internet Explorer/Internet Control Panel
Policy Setting Comment
Disable the Advanced page Enabled
Disable the Connections page Enabled
Disable the Content page Enabled
Disable the General page Enabled
Disable the Privacy page Enabled
Disable the Programs page Enabled
Disable the Security page Enabled
Windows Components/Internet Explorer/Internet Control Panel/Security Page
Policy Setting Comment
Intranet Sites: Include all network paths (UNCs) Enabled
Intranet Sites: Include all sites that bypass the proxy server Enabled
Site to Zone Assignment List Enabled
Enter the zone assignments here.
https://desktop.raylin.nl/vpn/index.html 1
http://ctxweb.raylin.local/Citrix/XenApp/ 1
https://netwerk.raylin.nl/vpn/index.html 1
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
Policy Setting Comment
Launching applications and files in an IFRAME Enabled
Launching applications and files in an IFRAME Enable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
Policy Setting Comment
Allow active scripting Enabled
Allow active scripting Enable
Policy Setting Comment
Launching applications and files in an IFRAME Enabled
Launching applications and files in an IFRAME Enable
Windows Components/Internet Explorer/Internet Settings/Component Updates/Help Menu > About Internet Explorer
Policy Setting Comment
Prevent specifying cipher strength update information URLs Enabled
Cipher Strength Update Information URL:
Windows Components/Internet Explorer/Internet Settings/Component Updates/Periodic check for updates to Internet Explorer and Internet Tools
Policy Setting Comment
Prevent specifying the update check interval (in days) Enabled
Update check interval (in days): 30
Windows Components/Internet Explorer/Security Features
Policy Setting Comment
Turn off Data Execution Prevention Enabled
Windows Components/Internet Explorer/Toolbars
Policy Setting Comment
Hide the Command bar Enabled
Lock all toolbars Enabled
Turn off Developer Tools Enabled
Turn off toolbar upgrade tool Enabled
Windows Components/Internet Information Services
Policy Setting Comment
Prevent IIS installation Disabled
Windows Components/NetMeeting
Policy Setting Comment
Disable remote Desktop Sharing Enabled
Windows Components/Network Projector
Policy Setting Comment
Turn off Connect to a Network Projector Enabled
Windows Components/Online Assistance
Policy Setting Comment
Turn off Active Help Enabled
Windows Components/Remote Desktop Services/Remote Desktop Connection Client
Policy Setting Comment
Do not allow passwords to be saved Enabled
Windows Components/RSS Feeds
Policy Setting Comment
Prevent access to feed list Enabled
Prevent automatic discovery of feeds and Web Slices Enabled
Prevent downloading of enclosures Enabled
Prevent subscribing to or deleting a feed or a Web Slice Enabled
Turn off background synchronization for feeds and Web Slices Enabled
Turn on Basic feed authentication over HTTP Enabled
Windows Components/Security Center
Policy Setting Comment
Turn on Security Center (Domain PCs only) Disabled
Windows Components/Sound Recorder
Policy Setting Comment
Do not allow Sound Recorder to run Enabled
Windows Components/Windows Calendar
Policy Setting Comment
Turn off Windows Calendar Enabled
Windows Components/Windows Customer Experience Improvement Program
Policy Setting Comment
Allow Corporate redirection of Customer Experience Improvement uploads Disabled
Windows Components/Windows Defender
Policy Setting Comment
Turn off Windows Defender Enabled
Windows Components/Windows Error Reporting
Policy Setting Comment
Disable logging Enabled
Disable Windows Error Reporting Enabled
Windows Components/Windows Installer
Policy Setting Comment
Prevent Internet Explorer security prompt for Windows Installer scripts Enabled
Turn off Windows Installer Enabled
Disable Windows Installer Never
Windows Components/Windows Mail
Policy Setting Comment
Turn off Windows Mail application Enabled
Windows Components/Windows Media Center
Policy Setting Comment
Do not allow Windows Media Center to run Enabled
Windows Components/Windows Media Digital Rights Management
Policy Setting Comment
Prevent Windows Media DRM Internet Access Enabled
Windows Components/Windows Media Player
Policy Setting Comment
Do Not Show First Use Dialog Boxes Enabled
Prevent Automatic Updates Enabled
Prevent Desktop Shortcut Creation Enabled
Prevent Media Sharing Enabled
Prevent Quick Launch Toolbar Shortcut Creation Enabled
Windows Components/Windows Messenger
Policy Setting Comment
Do not allow Windows Messenger to be run Enabled
Windows Components/Windows Mobility Center
Policy Setting Comment
Turn off Windows Mobility Center Enabled
Windows Components/Windows PowerShell
Policy Setting Comment
Turn on Script Execution Enabled
Execution Policy Allow all scripts
Preferences
Windows Settings
Registry
AutoAdminLogon (Order: 1)
General
Action Replace

Properties

Hive HKEY_LOCAL_MACHINE
Key path SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name AutoAdminLogon
Value type REG_SZ
Value data 1
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
DefaultDomainName (Order: 2)
General
Action Replace

Properties

Hive HKEY_LOCAL_MACHINE
Key path SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name DefaultDomainName
Value type REG_SZ
Value data raylin.local
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
DefaultUserName (Order: 3)
General
Action Replace

Properties

Hive HKEY_LOCAL_MACHINE
Key path SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name DefaultUserName
Value type REG_SZ
Value data Kiosk
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
DefaultPassword (Order: 4)
General
Action Replace

Properties

Hive HKEY_LOCAL_MACHINE
Key path SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name DefaultPassword
Value type REG_SZ
Value data Kiosk1!
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
DisableLockWorkstation (Order: 5)
General
Action Replace

Properties

Hive HKEY_LOCAL_MACHINE
Key path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value name DisableLockWorkstation
Value type REG_SZ
Value data 1
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
FullScreen (Order: 6)
General
Action Replace

Properties

Hive HKEY_CURRENT_USER (HKU\.DEFAULT)
Key path Software\Microsoft\Internet Explorer\Main
Value name FullScreen
Value type REG_SZ
Value data yes
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied Yes
Control Panel Settings
Power Options
Power Plan (Windows Vista) (Name: Balanced)
Power Plan (Windows Vista and later) (Order: 1)
Properties
Action Create
Make this the active Power Plan: Enabled
Name Balanced
When computer is: Plugged in Running on batteries
Require a password on wakeup: No No
Allow hybrid sleep: Off Off
Lid close action: Do nothing Do nothing
Power button action: Shutdown Shutdown
Start menu power button: Shutdown Shutdown
Link State Power Management: Moderate power savings Maximum power savings
Minimum processor state: After 5 minutes After 5 minutes
Maximum processor state: After 100 minutes After 100 minutes
Adaptive display: On On
Critical battery action: Do nothing Do nothing
Low battery level: After 10 minutes After 10 minutes
Critical battery level: After 5 minutes After 5 minutes
Low battery notification: Off Off
Low battery action: Do nothing Do nothing
Common

Options

Stop processing items on this extension if an error occurs on this item No
Remove this item when it is no longer applied No
Apply once and do not reapply No
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
Policy Setting Comment
Always open All Control Panel Items when opening Control Panel Enabled
Show only specified Control Panel items Enabled
List of allowed Control Panel items
desk.cpl
Microsoft.Display
Control Panel/Add or Remove Programs
Policy Setting Comment
Hide Add/Remove Windows Components page Enabled
Control Panel/Personalization
Policy Setting Comment
Enable screen saver Disabled
Force a specific visual style file or force Windows Classic Enabled
Path to Visual Style: %windir%\Resources\Ease of Access Themes\basic.theme
To select Aero type:
%windir%\resources\Themes\Aero\aero.msstyles
To select a different visual style, type:
ie: \\<server>\share\Corp.msstyles
To select Windows Classic, leave the box
above blank and enable this setting
Policy Setting Comment
Prevent changing color and appearance Enabled
Prevent changing color scheme Enabled
Prevent changing desktop background Enabled
Prevent changing desktop icons Enabled
Prevent changing mouse pointers Enabled
Prevent changing screen saver Enabled
Prevent changing sounds Enabled
Prevent changing theme Enabled
Prevent changing visual style for windows and buttons Enabled
Prohibit selection of visual style font size Enabled
Control Panel/Printers
Policy Setting Comment
Prevent addition of printers Enabled
Prevent deletion of printers Enabled
Control Panel/Programs
Policy Setting Comment
Hide “Get Programs” page Enabled
Hide “Installed Updates” page Enabled
Hide “Programs and Features” page Enabled
Hide “Set Program Access and Computer Defaults” page Enabled
Hide “Windows Features” Enabled
Hide “Windows Marketplace” Enabled
Hide the Programs Control Panel Enabled
Desktop
Policy Setting Comment
Do not add shares of recently opened documents to Network Locations Enabled
Don’t save settings at exit Enabled
Hide and disable all items on the desktop Enabled
Hide Internet Explorer icon on desktop Enabled
Hide Network Locations icon on desktop Enabled
Prevent adding, dragging, dropping and closing the Taskbar’s toolbars Enabled
Prohibit adjusting desktop toolbars Enabled
Prohibit User from manually redirecting Profile Folders Enabled
Remove Computer icon on the desktop Enabled
Remove My Documents icon on the desktop Enabled
Remove Properties from the Computer icon context menu Enabled
Remove Properties from the Documents icon context menu Enabled
Remove Properties from the Recycle Bin context menu Enabled
Remove Recycle Bin icon from desktop Enabled
Remove the Desktop Cleanup Wizard Enabled
Turn off Aero Shake window minimizing mouse gesture Enabled
Desktop/Desktop
Policy Setting Comment
Disable Active Desktop Disabled
Network/Windows Connect Now
Policy Setting Comment
Prohibit access of the Windows Connect Now wizards Enabled
Start Menu and Taskbar
Policy Setting Comment
Clear history of recently opened documents on exit Enabled
Clear the recent programs list for new users Enabled
Do not allow pinning items in Jump Lists Enabled
Do not allow pinning programs to the Taskbar Enabled
Do not display any custom toolbars in the taskbar Enabled
Do not display or track items in Jump Lists from remote locations Enabled
Do not keep history of recently opened documents Enabled
Do not search communications Enabled
Do not search for files Enabled
Do not search Internet Enabled
Do not search programs and Control Panel items Enabled
Do not use the search-based method when resolving shell shortcuts Enabled
Do not use the tracking-based method when resolving shell shortcuts Enabled
Hide the notification area Enabled
Lock all taskbar settings Enabled
Lock the Taskbar Enabled
Pin Apps to Start when installed Disabled
Prevent changes to Taskbar and Start Menu Settings Enabled
Prevent users from adding or removing toolbars Enabled
Prevent users from customizing their Start Screen Enabled
Prevent users from moving taskbar to another screen dock location Enabled
Prevent users from rearranging toolbars Enabled
Prevent users from resizing the taskbar Enabled
Prevent users from uninstalling applications from Start Enabled
Remove access to the context menus for the taskbar Enabled
Remove All Programs list from the Start menu Enabled
Remove Balloon Tips on Start Menu items Enabled
Remove common program groups from Start Menu Enabled
Remove Default Programs link from the Start menu. Enabled
Remove Documents icon from Start Menu Enabled
Remove Downloads link from Start Menu Enabled
Remove Favorites menu from Start Menu Enabled
Remove frequent programs list from the Start Menu Enabled
Remove Games link from Start Menu Enabled
Remove Help menu from Start Menu Enabled
Remove Homegroup link from Start Menu Enabled
Remove links and access to Windows Update Enabled
Remove Logoff on the Start Menu Enabled
Remove Music icon from Start Menu Enabled
Remove Network Connections from Start Menu Enabled
Remove Network icon from Start Menu Enabled
Remove Pictures icon from Start Menu Enabled
Remove pinned programs from the Taskbar Enabled
Remove pinned programs list from the Start Menu Enabled
Remove Recent Items menu from Start Menu Enabled
Remove Recorded TV link from Start Menu Enabled
Remove Run menu from Start Menu Enabled
Remove Search link from Start Menu Enabled
Remove See More Results / Search Everywhere link Enabled
Remove the Action Center icon Enabled
Remove the battery meter Enabled
Remove the networking icon Enabled
Remove user folder link from Start Menu Enabled
Remove user name from Start Menu Enabled
Remove user’s folders from the Start Menu Enabled
Remove Videos link from Start Menu Enabled
Show QuickLaunch on Taskbar Disabled
Turn off all balloon notifications Enabled
Turn off feature advertisement balloon notifications Enabled
Turn off notification area cleanup Enabled
Turn off personalized menus Enabled
Turn off user tracking Enabled
System/Ctrl+Alt+Del Options
Policy Setting Comment
Remove Change Password Enabled
Remove Lock Computer Enabled
Remove Logoff Enabled
Remove Task Manager Enabled
Windows Components/AutoPlay Policies
Policy Setting Comment
Set the default behavior for AutoRun Enabled
Default AutoRun Behavior Do not execute any autorun commands
Policy Setting Comment
Turn off Autoplay Enabled
Turn off Autoplay on: All drives
Windows Components/Desktop Gadgets
Policy Setting Comment
Turn off desktop gadgets Enabled
Windows Components/File Explorer
Policy Setting Comment
Hide these specified drives in My Computer Enabled
Pick one of the following combinations Restrict A, B, C and D drives only
Policy Setting Comment
Prevent access to drives from My Computer Enabled
Pick one of the following combinations Restrict A, B, C and D drives only
Policy Setting Comment
Remove Search button from File Explorer Enabled
Turn off Windows+X hotkeys Enabled
Windows Components/Internet Explorer
Policy Setting Comment
Disable changing home page settings Enabled
Home Page http://ctxweb.raylin.local/Citrix/XenApp/
Policy Setting Comment
Enforce full-screen mode Enabled
Search: Disable Find Files via F3 within the browser Enabled
Turn off the quick pick menu Enabled
Windows Components/Internet Explorer/Browser menus
Policy Setting Comment
File menu: Disable closing the browser and Explorer windows Enabled
View menu: Disable Full Screen menu option Enabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
Policy Setting Comment
Turn on Caret Browsing support Disabled
Windows Components/Internet Explorer/Privacy
Policy Setting Comment
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Enabled
Turn off InPrivate Browsing Enabled
Windows Components/Internet Explorer/Toolbars
Policy Setting Comment
Turn off Developer Tools Enabled
Windows Components/Microsoft Management Console
Policy Setting Comment
Restrict the user from entering author mode Enabled
Windows Components/Windows Calendar
Policy Setting Comment
Turn off Windows Calendar Enabled

 

Comments are closed.