Tag: #controlpanel

  • How to Restrict Control Panel Access with Group Policy

    How to Restrict Control Panel Access with Group Policy

    This blog will examine how to restrict control panel access with group policy. You will learn how to disable the control panel access for specific users. I will also teach you how to select only specific control panel items.

    The control panel provides access to several different system settings. In a business network, you likely don’t want your users to be able to modify these settings. The good news is that you can use group policy to restrict access to the items in the control panel.

    Restrict Control Panel Access via Group Policy

    How to Disable Control Panel for Specific Users

    In this example, I will disable the control panel for all users in the Sales OU.
    Open the group policy management console.
    Go to the OU where you want to restrict control panel access. Right-click and choose “Create a GPO in this domain, and Link it here”

    Create a GPO in this domain and link it

    Type the GPO name. I will name it “Access Control Panel”

    New group policy name

    Right-click on the created GPO and select edit.

    Edit group policy object

    Browse to:

    User Configuration\Policies\Administrative Templates\Control Panel

    Double clicks to open the policy “Prohibit access to Control Panel and PC Settings”.

    Restrict control panel access with group policy

    Select Enabled to enable this policy and click on OK.

    Prohibit access to Control Panel and PC Settings

    I will log onto a computer and verify that access to the control panel is blocked.
    Type the command:

    gpupdate /force
    Gpupdate /force command

    I’m logged into the computer as a user in the Sales OU. When trying to access the control panel, the user receives the message below.

    Restrict control panel access via group policy

    If someone logs into a computer in a different OU, they still have access to the control panel.
    If you want to apply this policy to specific users in different OUs, you need to use group policy filtering.

    Show Only Specified Control Panel Items

    If you want users to have access to only specific control panel items, follow these instructions.
    On the group policy management console.
    Right-click on an OU and select “Create a GPO in this domain, and Link it here”

    Create a GPO in this domain and link it

    Give the GPO a name. “Limit Control Panel Items”.

    Create new GPO name

    Now, right-click on the created GPO and select edit.

    Edit group policy object

    Browse to:

    User Configuration\Policies\Administrative Templates\Control Panel

    Double-click to open the policy “Show only specified Control Panel items”.

    Show only specified control panel items

    Click on Enabled and click on the Show button.

    Show Only Specified Control Panel Items

    To display a control panel item, you must enter the control panel item’s canonical name.
    Refer to the Microsoft Canonical names of control panel items to see a full list of canonical names.

    I will allow access to devices and printers and Internet options.

    Devices and Printers

    Canonical name: Microsoft.DevicesAndPrinters
    GUID: {A8A91A66-3A7D-4424-8D24-04E180695C7A}
    Supported OS: Windows 7, Windows 8, Windows 8.1
    Module name: @%systemroot%\system32\DeviceCenter.dll,-1000

    Internet Options

    Canonical name: Microsoft.InternetOptions
    GUID: {A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}
    Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
    Module name: @C:\Windows\System32\inetcpl.cpl,-4312
    Pages

    I will then insert the canonical names into the GPO settings.

    List of allowed control panel items

    Click ok and OK again.
    Login to your computer and update the group policy with the below command.

    Gpupdate /force
    Gpupdate /force command

    When the user opens the control panel, they can only access the items listed in the GPO.
    In the below example, the user only has access to the devices and printers and internet options control panel items.

    Specified Control Panel Items