Local Group Policy Settings

Applies To: Windows 8.1

For a Windows RT 8.1 deployment in education there are a number of Group Policy settings you can evaluate.

Table 2 describes Group Policy settings that schools might evaluate when planning Windows RT deployment. Many of these policies might leave the device in a state where it is difficult to manage or support. Schools have a tendency to over-manage Windows RT devices by using local Group Policy when they would be better off allowing the standard user account to do its job. For example, instead of locking all users out of the Control Panel, simply rely on standard user accounts not being able to change system settings that adversely affect the device. Likewise, standard users cannot save or change files in system folders.

Table 2. Local Group Policy Settings for Evaluation

Location Name

Computer Configuration\Windows Settings\Security Settings\Account Policies

  • Password Policy

Computer Configuration\Administrative Templates\Windows Components\App Package Deployment

  • Allow all trusted apps to install

Computer Configuration\Administrative Templates\Edge UI

  • Disable help tips

Computer Configuration\Administrative Templates\Sync your settings

  • Do not sync

User Configuration\Scripts

  • Logon

  • Logoff

User Configuration\Administrative Templates\Control Panel

  • Hide specified Control Panel items

  • Prohibit access to Control Panel and PC settings

  • Show only specified Control Panel items

User Configuration\Administrative Templates\Start Menu and Taskbar

  • Clear history of recently opened documents on exit

  • Clear history of tile notifications on exit

  • Go to the desktop instead of Start when signing in

  • Lock the Taskbar

  • Start Screen Layout

  • Prevent users from customizing their Start screen

  • Do not keep history of recently opened documents

  • Prevent changes to Taskbar and Start menu settings

  • Prevent users from uninstalling applications from Start

  • Pin apps to Start when installed

User Configuration\Administrative Templates\System

  • Prevent access to the command prompt

  • Prevent access to registry editing tools

  • Don’t run specified Windows applications

  • Run only specified Windows applications

User Configuration\Administrative Templates\System\Logon

  • Run these programs at user logon

User Configuration\Administrative Templates\Windows Components\App runtime

  • Allow Microsoft accounts to be optional

User Configuration\Administrative Templates\Windows Components\Credential user interface

  • Do not display the password reveal button

User Configuration\Administrative Templates\Windows Components\File Explorer

  • Hide the drop-down list of recent files

  • Hide the common dialog Places Bar

  • Items displayed in Places Bar

User Configuration\Administrative Templates\Windows Components\Internet Explorer

  • Do not allow users to enable or disable add-ons

User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page

  • Site to Zone Assignment List

  • User data persistence

User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings

  • Set how links are opened in Internet Explorer

  • Open Internet Explorer tiles on the desktop

User Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

  • Do not allow passwords to be saved

User Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections

  • Specific default connection URL

User Configuration\Administrative Templates\Windows Components\Store

  • Turn off the offer to update to the latest version of Windows

  • Turn off the Store application

User Configuration\Administrative Templates\Windows Components\Windows Mail

  • Turn off Windows Mail application

See also