We can modify the control panel like some common systems, appearances, and network settings, but we are certainly not satisfied with this, because there are too few items that can be modified through the control panel; users with a relatively high level can use the method of modifying the registry, but the Registry involves too much content and it is not convenient to modify it. The Group Policy is between the two and involves more content than the control panel. The security is as high as the control panel, while the organization and operability are better than the registry.
This article describes the application of Windows XP Professional local group policy. The local computer group policy can be configured in two aspects: Computer Configuration and user configuration. The configuration of all settings under it will be saved to the relevant items in the registry. The computer configuration is saved to the HKEY_LOCAL_MACHINE subtree of the Registry, and the user configuration is saved to HKEY_CURRENT_USER.
1. Access Group Policy
There are two ways to access the Group Policy: one is to directly enter the Group Policy window through the gpedit. msc command; the other is to open the console and add the Group Policy.
1. Enter the gpedit. msc command to access
Select Start> Run, enter gpedit. MSC in the pop-up window, and press enter to enter the enrollment policy window (figure 1 ). The structure of the Group Policy window is similar to that of the Resource Manager. The tree directory structure on the left is composed of two nodes: "Computer Configuration" and "user configuration. Both nodes have three nodes: "software Settings", "Windows Settings", and "management template". More nodes and settings are available under the nodes. Click nodes or settings in the window on the right, and a description of the applicable platform and role of the node or settings appears. Many subnodes and settings under "Computer Configuration" and "user configuration" are the same. Which one should we change? The settings on the "Computer Configuration" node are applied to the entire computer policy. The modified settings are applied to all users on the computer. The settings on the "user configuration" node are generally only applied to the current user. If you log on to the computer with another user name, the settings will not work. However, it is generally recommended that you modify the settings under the "user configuration" node. This article also describes how to modify the settings of the "user configuration" node, some settings under the "Computer Configuration" node are described. The "management template" has the most settings and the widest application, so it is also the top priority of this article.
2. Access Group policies through the console
Click Start> Run, enter MMC, and press enter to enter the console window. Click "file"> "Add/delete Management Unit" in the console window, and click "add" in the pop-up window (figure 2 ), then select "Group Policy" and click "add" (Figure 3). In the "select group policy object" dialog box next, select an object. Because the policy object in our group is "Local Computer", you do not need to change it. If it is another computer on the network, click "Browse" and select this computer. In addition, if you want to save the Group Policy console and choose to open the Group Policy object in the console through the command line, select "when starting from the command line, allow you to change the focus of the 'group policy managementunit 'check box (figure 4 ). The added Group Policy 5 is shown in.
2. taskbar and start menu item settings
This node allows you to add, delete, or disable a function item for the Start Menu, taskbar, and notification area. Expand "user configuration"> "management template"> "Taskbar and" start "menu" in sequence ", in the right window, you can see the specific settings under the "Taskbar and 'start' menu" node. The status is "not configured" (figure 6 ).
1. Weight Loss from the "Start" menu
There are many menu items in the "Start" menu of Windows XP. You can delete unnecessary items through the Group Policy. Take the "My Documents" icon in the "delete start" menu as an example to see the specific operation method: double-click the "delete my documents" icon from the "Start" menu in the right window, in the displayed dialog box, click "enabled" in the "Settings" tab, and then click "OK" (figure 7 ), in this way, the "My Documents" icon in the "Start" menu will be hidden.
2. Prevent privacy leaks
There is a menu item "my most recent documents" in the Start menu. You can use this menu to access the documents you recently opened. To ensure security, you can delete this menu item, and set not to save the most recent opened document records. Double-click "do not keep records of recently opened documents", "clear recent records of recently opened documents upon exit", and "delete 'Doc' menu from the 'start' menu, in the displayed dialog box, click "started" and click "OK.
3. Do not modify the taskbar and start menu at will.
To protect the taskbar and start menus that are hard to set, you can double-click to enable the following settings.
"Stop changing 'taskbar and 'start' menu settings": deletes the "Taskbar and 'start' menu items from the" Settings "menu item in the" Start "menu, this setting also prevents users from opening the "Taskbar properties" dialog box. "Blocked access to the context menu of the taskbar" (context menu is the shortcut menu that is right-clicked): Hide the menu when right-clicking the taskbar and the project on the taskbar, for example, the start button, clock, and taskbar button, but cannot be changed elsewhere. "Lock Taskbar": enable this setting to prevent users from moving the taskbar or adjusting the size of the taskbar. However, automatic hiding and other taskbar options are still available in "Taskbar properties.
4. Remove the graphical settings from the "Start" menu of Windows XP.
Many graphical settings are added to the "Start" menu of Windows XP. In fact, you can disable these functions in group policies.
"Close personalized menu": Windows XP automatically moves the recently used menu items to the top of the Start menu and hides the menu items that have not been used recently to personalize the menu, enabling this setting will disable the personalized menu. "Force typical menu": When this setting is enabled, a typical Start Menu is displayed in Windows 2000 style and a standard desktop icon is displayed.
5. Disable "logout" and "shutdown"
3D animation design and video processing often take several hours to export a large animation or video file. If someone restarts a computer or logs out a user, the previous work will be wasted, so it is necessary to disable the "logout" and "shutdown" menu items in the "Start" menu. You only need to double-click to enable the "logout" and "Delete and block access to the" shutdown "command on the" Start "menu. The next setting will not only delete the "Close computer" item from the "Start" menu, but also disable the "shutdown" option in the "Windows Task Manager" dialog box (figure 8 ).
Iii. Desktop Project Settings
In the left window of "Group Policy", expand "user configuration"> "management template"> "desktop" node to view all settings on the desktop (figure 9 ). This node is mainly used to manage users' rights to use desktops and hide desktop icons.
1. Hide unnecessary desktop icons
Some shortcuts on the desktop can be easily deleted, but to delete default icons such as "My Computer", "recycle bin", and "Network neighbors", You need to rely on "group policy. For example, to delete "My documents", you only need to set it in the "delete my documents" icon on the desktop.
2. Prohibit Desktop changes
The group policy can be used to prevent others from modifying some desktop settings. The "prohibit users from changing the 'my docs' path" item prevents users from changing the path of the "My Documents" folder. The "prohibit adding, dragging, dropping, and disabling the toolbar of the taskbar" item prevents users from adding or deleting the taskbar from the desktop. Double-click to enable "do not save settings when exiting", the user cannot save the changes to the desktop. Finally, double-click to enable "hide and disable all projects on the desktop" to delete icons, shortcuts, and Other Default and user-defined projects from the desktop, even the right-click menu on the desktop will be disabled.
3. enable or disable Active Desktop
You can use the "Active Desktop" item to set various properties of the Active Desktop as needed. "Enable active desktop" can enable active desktop and prevent users from disabling it. The Active Desktop Wallpaper option specifies the desktop wallpaper displayed on all users' desktops (Figure 10 ). Enable the "do not allow changes" option to prevent users from changing the Active Desktop configuration.
4. Hide or disable Control Panel items
The control panel Project Settings mentioned here refer to the settings of the control panel program, which are mainly used to hide or prohibit Control Panel projects. Expand "user configuration"> "management template"> "Control Panel" in the left-side window of the Group Policy, all settings and subnodes under the control panel node are displayed (figure 11 ).
1. Hide or disable "Add/delete programs"
Expand "Add/delete programs". Double-click to enable the "delete" Add/delete programs "option. Then, the" Add/delete programs "option in the control panel will be deleted. In addition, the "add or delete programs" dialog box contains three pages: "change or delete programs", "add new programs", and "Add/delete Windows Components "; when you enter the "Add new program" page, you will find three options: add programs from CD-ROM or floppy disk, add programs from Microsoft, and add programs from network (Figure 12) If you want to hide these specific pages or options, you can enable the hidden feature directly in the "Add/delete programs" item of the Group Policy.
2. Hide or disable "display" items
Expand "display" and find that this item is the same as the previous one. You can hide the tab in the "show properties" dialog box. This is not detailed here. For example, after you double-click to enable "Hide 'desktop 'tab", the "desktop" option will no longer appear in the "display window" (figure 13 ). In addition, you can enable "delete display" in the control panel. When you double-click to open the "display" item in the control panel, a dialog box is displayed, prompting you: the system administrator is not allowed to use the "display" Control Panel (figure 14 ).
3. Miscellaneous
Expand "display"> "desktop topic", double-click "delete topic option", "Block Selection window and button style", and "Disable font size, prevents others from changing the theme, window, button style, and font. Expand printer, double-click to enable "" or "" to prevent other users from adding or deleting printers. Finally, enable "forbidden access control panel" directly under "Control Panel", and the Control Panel will not start.
V. System Project Settings
This item is set in "user configuration"> "management template"> "system" (figure 15 ). The system settings in the Group Policy involve logon, power management, Group Policy, script, and many other projects. The following section clears closely related items and lists them as follows:
1. The welcome screen is not displayed at login.
Windows 2000 and Windows XP have a welcome screen by default when you log on to the system. Although it is beautiful, it is also troublesome and time-consuming. you can remove it through the Group Policy. Double-click to enable "Do Not Display welcome screen upon Logon" under the "system" node. The welcome screen is hidden every time a user logs on.
2. Disable Registry Editor
To prevent others from modifying the registry, you can disable access to the registry editor in the Group Policy. Double-click to enable the "prohibit access to registry editor" option under the "system" node. when a user attempts to start the Registry Editor, the system will prompt that the registration editor has been disabled by the Administrator (figure 16 ). In addition, if your registry editor is locked, double-click this setting. In the "Settings" tab in the pop-up dialog box, click "Not Configured" to unlock your registry. To prevent users from using other registry editing tools to open the registry, double-click to enable "run only licensed Windows Applications ".
3. Disable automatic playback.
Once you insert the disc into the optical drive, Windows XP will start to read the optical drive and start related applications. In this way, although it brings convenience to our work, it also brings a lot of trouble in some cases. On the "System" node, set "Disable automatic playback". Double-click it and click "enabled" in the "Settings" tab in the displayed dialog box ", in the disable auto play box, select the CD-ROM initiator or all drives item (figure 17 ).
Note: This setting does not prevent automatic playing of music CD.
4. Disable Automatic Windows Update.
Every time a user connects to the Internet, Windows XP searches for available updates on the user's computer. Based on the configuration, the user is prompted when the downloaded component is ready for installation or before the download. If you do not like the self-proclaimed attitude of Bill Boss, you can disable this function through group policy. You only need to double-click the "Windows automatic update" setting item under the "system" node. In the displayed dialog box, click "disabled" and click "OK.
5. CTRL + ALT + DEL Option
If you have canceled the "use welcome screen" option for Windows XP users, if you press the "CTRL + ALT + DEL" key at the same time, a "Windows Security" dialog box will pop up, in this dialog box, there are six buttons (Figure 18): "lock the computer", "logout", "shut down", "Change Password", "Task Manager", and "cancel ). Everyone knows that every button here plays a key role in the system. To prevent others from performing operations, you can use group policies to block these buttons.
Find the "CTRL + ALT + DEL option" under "system ", double-click "delete Task Manager", "delete" lock computer "," delete Password Change ", and" delete logout "to disable the" Task Manager "in the" Windows Security "dialog box. "," lock the computer "," Change Password ", and" cancel.
Note: The menu items "logout" and "shutdown" are blocked. Under the "user configuration"> "management template"> "Taskbar and" start "menu" node.
6. Hide or delete a project in Windows XP Resource Manager
Resource Manager has always been the most important tool in Windows systems. How to manage resources efficiently and securely has always been the unremitting pursuit of computer users. Expand "user configuration"> "management template"> "Windows Components"> "Windows Resource Manager, you can see all the settings under the "Windows Resource Manager" Node (figure 19 ). Next, let's take a look at how to personalize the resource manager through group policies.
1. Delete "Folder Options"
"Folder option" is an important menu item in the resource manager. You can modify the File Viewing mode and edit the file opening mode (Figure 20 ). We can delete this menu item to prevent others from making changes at will after setting it ourselves, you only need to double-click to enable "delete 'Folder options' menu from the 'tool' menu" to complete this setting.
2. Hide "manage" menu items
In resource manager, right-click "my computer" and choose "manage" from the shortcut menu, you can open a "Computer Management" window that contains "Event Viewer", "local users and groups", "Device Manager", "disk management", and other tools (Figure 21 ). To protect your computer from the unintentional damages of others, you can double-click to enable the "hide the 'Management' project on the Windows Resource Manager context menu" option to shield this menu item.
3. Hide other projects
In addition, you can hide your specified drive (Figure 22) by enabling "hide these specified drives in my PC ). You can also disable the "entire network" item by enabling "the network neighborhood does not include the entire network. Double-click to enable the "delete CD burning function" to delete the CD burning function that comes with Windows XP. Double-click to enable "do not move deleted files to the 'recycle bin '". Then, the deleted files will not be deleted from the recycle bin. Of course, there are still many projects that are not mentioned here. You can discuss and configure them as needed.
VII. IE browser Project Settings
Expand "user configuration"> "management template"> "Windows Components"> "Internet Explorer" in the left-side window of the Group Policy, all settings and subnodes under the Internet Explorer node are displayed in the right window (figure 23 ). Internet Explorer is a Web browser that comes with Windows XP and is also used by most users, but its security is also criticized. The following describes how to "modify" it through group policies ".
1. Add shortcuts in the IE Toolbar
I don't know if you have noticed this. After installing many software, you will add the icon on the IE Toolbar and click it to enable the corresponding program. In fact, you can use group policies to add shortcuts to any program on the IE Toolbar. Here is an example of how to add an ICQ startup icon. Expand "browser user interface" under "Internet Explorer Maintenance", double-click "browser toolbar custom" Settings, and click "add" in the displayed dialog box, in the "toolbar" dialog box, enter "ICQ" in the "toolbar title", and enter "D: \ fun \ icqlite \ icqlite.exe" in "toolbar operations, then select a "color icon" or "grayscale icon" (Figure 24, you can also use exists to extract the ICQ icon ). Click "OK" and an ICQ icon is added to the IE Toolbar!
2. Make the IE Plug-In stop harassing you
When we browse the Web page online, there will always be prompts such as "whether to install flash plug-in" and "whether to install 3721 real-name network", which is just as annoying as an advertisement window. In fact, you can disable this prompt by enabling "Disable Automatic Installation of Internet Explorer Components" under the "Internet Explorer" node in the Group Policy. However, sometimes this function is also very useful, so please consider it a little before disabling this function.
3. Protect your privacy
Generally, you can click the "History" button on the IE Toolbar to learn about web pages and files you have browsed before. To keep this confidential, you can double-click the "do not keep records of recently opened documents" and "clear recently opened records at exit" settings under the "Internet Explorer" node, in this way, click the "History" button on the IE Toolbar. All history Web pages you have visited will disappear.
4. Prohibited Items
If you do not want others to modify your homepage, you can enable the "Disable change homepage Settings" setting under the "Internet Explorer" node to prevent others from changing your homepage (figure 25 ). You can also access the "browser menu" to enable the settings to block some menu items in IE. Finally, on the "Internet control panel" node, you can hide some tabs in the "Internet Options" dialog box (figure 26 ).
8. System Security Settings
Since its own computer, security has always been the focus of attention, and Windows XP is no exception. In group policies, system security configurations are generally performed in "Computer Configuration"> "Windows Settings"> "Security Settings.
1. Password Policy
This policy is configured on the "Account Policy"> "password policy" Node (figure 27 ). Password is a major risk of system security. You can set the minimum length of the password by setting a group policy: Double-click to enable the "Password Must Meet Complexity Requirements" setting item, after confirming, double-click the "minimum password length" setting item. In the displayed dialog box, set the minimum password length to 8 or greater. In this way, you must enter more than 8 characters when setting the account password, security is much higher.
2. User Rights Assignment
Expand "Local Policy"> "User Privilege assignment", and all settings under the "User Privilege assignment" node are displayed in the right window (figure 28 ). Assigning user rights appropriately can solve some strange problems. For example, a friend who uses Windows XP in a LAN may find a strange phenomenon, that is, even if you enable the Guest user and grant permissions, users of other Windows 9x Operating Systems in the LAN still cannot access the shared resources in Windows XP. This problem can be solved by modifying the relevant settings in the Group Policy: double-click the "Deny access to this computer from network" setting item under the "user rights assignment" node, in the displayed dialog box, click "guest", click "delete", and click "OK" (figure 29 ). On the "user rights assignment" node, you can also add many permissions to users, such as adding remote shutdown permissions to guest and adding general users with the permission to change the system time.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
