Damien Coles
f172d00514
Infrastructure-as-code framework for Active Directory objects and Group Policy. Sanitized from production deployment for public sharing.
39 lines
1.6 KiB
Markdown
39 lines
1.6 KiB
Markdown
# Users-01 GPO
|
|
|
|
**GUID:** Auto-created on first `Apply-GPOBaseline.ps1` run
|
|
**Linked to:** `OU=ExampleUsers,DC=example,DC=internal`
|
|
**Scope:** User Configuration (HKCU) -- Administrative Templates only
|
|
|
|
This GPO applies to all user accounts in the ExampleUsers OU. Settings follow the user to any domain-joined machine they log into.
|
|
|
|
## Settings
|
|
|
|
### Desktop Hardening
|
|
|
|
| Setting | Value | Effect |
|
|
|---|---|---|
|
|
| DisableRegistryTools | 1 | Blocks regedit.exe |
|
|
| DisableCMD | 2 | Blocks cmd.exe, allows batch files |
|
|
| NoRun | 1 | Removes Run from Start Menu |
|
|
| NoChangingWallPaper | 1 | Prevents changing desktop wallpaper |
|
|
| NoAddRemovePrograms | 1 | Hides Programs & Features in Control Panel |
|
|
| NoAddPrinter | 1 | Prevents adding printers |
|
|
|
|
### UX Standardization
|
|
|
|
| Setting | Value | Effect |
|
|
|---|---|---|
|
|
| Wallpaper | `C:\Windows\Web\Wallpaper\Windows\img0.jpg` | Default Windows wallpaper (replace with corporate UNC path when ready) |
|
|
| WallpaperStyle | 10 | Fill mode |
|
|
| SearchboxTaskbarMode | 0 | Hides Search box on taskbar |
|
|
| ShowTaskViewButton | 0 | Hides Task View button |
|
|
| TurnOffWindowsCopilot | 1 | Disables Windows Copilot |
|
|
| TaskbarDa | 0 | Hides Widgets |
|
|
|
|
## Notes
|
|
|
|
- No SecurityPolicy (GptTmpl.inf) settings -- user rights, account policies, and audit settings are Computer Configuration only
|
|
- All 12 settings are registry-based, applied via `Set-GPRegistryValue`
|
|
- Wallpaper currently points to the built-in Windows image; replace with a UNC path (e.g., `\\example.internal\NETLOGON\wallpaper.jpg`) when a corporate wallpaper is ready
|
|
- Taskbar settings (Widgets, Copilot) are Windows 11 / Server 2025 specific -- no-ops on older OS
|