projects/declarative-ad-framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
declarative-ad-framework/gpo/users-01/settings.ps1
Damien Coles f172d00514 Initial release: Declarative AD Framework v2.1.0 
Infrastructure-as-code framework for Active Directory objects and Group Policy.
Sanitized from production deployment for public sharing.
2026-02-19 17:02:42 +00:00

134 lines
4.5 KiB
PowerShell
Raw Permalink Blame History

# Users-01 -- Settings Declaration
# Linked to: OU=ExampleUsers,DC=example,DC=internal
#
# This GPO targets user configuration for the ExampleUsers OU.
# All settings are User Configuration (HKCU) -- Administrative Templates.
@{
GPOName = 'Users-01'
Description = 'Standard user desktop hardening and UX standardization'
DisableComputerConfiguration = $true
LinkTo = 'OU=ExampleUsers,DC=example,DC=internal'
# Deny Apply for admin groups -- DelegatedAdmins sit in ExampleUsers but should not
# receive desktop restrictions (they need regedit, cmd, etc. for sysadmin work).
# MasterAdmins are in ExampleAdmins OU so they never receive this GPO anyway.
SecurityFiltering = @{
DenyApply = @('DelegatedAdmins')
}
# No security policy settings -- user rights, account policies, etc. are Computer Configuration only
SecurityPolicy = @{}
RegistrySettings = @(
# =============================================================
# Desktop Hardening
# =============================================================
# Prevent access to registry editing tools
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
ValueName = 'DisableRegistryTools'
Type = 'DWord'
Value = 1
}
# Prevent access to command prompt (2 = disable cmd.exe but allow batch files)
@{
Key = 'HKCU\Software\Policies\Microsoft\Windows\System'
ValueName = 'DisableCMD'
Type = 'DWord'
Value = 2
}
# Remove Run from Start Menu
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
ValueName = 'NoRun'
Type = 'DWord'
Value = 1
}
# Prevent changing desktop wallpaper
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
ValueName = 'NoChangingWallPaper'
Type = 'DWord'
Value = 1
}
# Remove Add/Remove Programs from Control Panel
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall'
ValueName = 'NoAddRemovePrograms'
Type = 'DWord'
Value = 1
}
# Prevent adding printers
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
ValueName = 'NoAddPrinter'
Type = 'DWord'
Value = 1
}
# =============================================================
# UX Standardization
# =============================================================
# Set default desktop wallpaper (built-in Windows wallpaper, exists on all machines)
# Replace with a corporate wallpaper on a UNC share when ready
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
ValueName = 'Wallpaper'
Type = 'String'
Value = 'C:\Windows\Web\Wallpaper\Windows\img0.jpg'
}
# Wallpaper style: Fill
# 0=Center, 2=Stretch, 6=Fit, 10=Fill, 22=Span
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
ValueName = 'WallpaperStyle'
Type = 'String'
Value = '10'
}
# Hide Search box on taskbar (0=Hidden, 1=Icon, 2=Full box)
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Search'
ValueName = 'SearchboxTaskbarMode'
Type = 'DWord'
Value = 0
}
# Hide Task View button on taskbar
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
ValueName = 'ShowTaskViewButton'
Type = 'DWord'
Value = 0
}
# Disable Windows Copilot
@{
Key = 'HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot'
ValueName = 'TurnOffWindowsCopilot'
Type = 'DWord'
Value = 1
}
# Hide Widgets on taskbar
@{
Key = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
ValueName = 'TaskbarDa'
Type = 'DWord'
Value = 0
}
)
}
Reference in New Issue View Git Blame Copy Permalink