Damien Coles
f172d00514
Infrastructure-as-code framework for Active Directory objects and Group Policy. Sanitized from production deployment for public sharing.
Users-01 GPO
GUID: Auto-created on first Apply-GPOBaseline.ps1 run
Linked to: OU=ExampleUsers,DC=example,DC=internal
Scope: User Configuration (HKCU) -- Administrative Templates only
This GPO applies to all user accounts in the ExampleUsers OU. Settings follow the user to any domain-joined machine they log into.
Settings
Desktop Hardening
| Setting | Value | Effect |
|---|---|---|
| DisableRegistryTools | 1 | Blocks regedit.exe |
| DisableCMD | 2 | Blocks cmd.exe, allows batch files |
| NoRun | 1 | Removes Run from Start Menu |
| NoChangingWallPaper | 1 | Prevents changing desktop wallpaper |
| NoAddRemovePrograms | 1 | Hides Programs & Features in Control Panel |
| NoAddPrinter | 1 | Prevents adding printers |
UX Standardization
| Setting | Value | Effect |
|---|---|---|
| Wallpaper | C:\Windows\Web\Wallpaper\Windows\img0.jpg |
Default Windows wallpaper (replace with corporate UNC path when ready) |
| WallpaperStyle | 10 | Fill mode |
| SearchboxTaskbarMode | 0 | Hides Search box on taskbar |
| ShowTaskViewButton | 0 | Hides Task View button |
| TurnOffWindowsCopilot | 1 | Disables Windows Copilot |
| TaskbarDa | 0 | Hides Widgets |
Notes
- No SecurityPolicy (GptTmpl.inf) settings -- user rights, account policies, and audit settings are Computer Configuration only
- All 12 settings are registry-based, applied via
Set-GPRegistryValue - Wallpaper currently points to the built-in Windows image; replace with a UNC path (e.g.,
\\example.internal\NETLOGON\wallpaper.jpg) when a corporate wallpaper is ready - Taskbar settings (Widgets, Copilot) are Windows 11 / Server 2025 specific -- no-ops on older OS