MyPCHealth

 

Group Policy Essentials

I have recently developed a Windows 7 Group policy for our network. Unfortunately i have to say it was an absolute nightmare. But i hope this page will make some of the nightmare settings to lock down windows 7 easier for you to deploy as i spent stupid amounts of hours sorting it out.

The Items that i found most difficulty in sorting when developing my group policy where the following::

• Remove the network icon from the navigation pane in explorer.
• Remove the Libraries Folders from the navigation pan in explorer
• Remove the uninstall or change a program button from the explorer menu
• Stop Win 7 prompting for privileges to install a network printer

Remove the network icon from the navigation pane in explorer.

Below is a couple of ways you can hide the network icon in the navigation pane.

Method 1 : Create the registry key needed through group policy.

Firstly you can create a registry key under either Local Machine or Current User. The registry key you need to create is the following (HKCU shows im doing this under the current user, for local machine replace HKCU with HKEY_LOCAL_MACHINE)

HKey_Current_User\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}

With a dword value of 1 for it to be showing and with a dword value of 0 to be turned off. To apply this registry setting through group policy you need to following these instructions:

• On your server, open up group policy management
• Create a new policy under the organisation unit you wish it to deploy to.
• In the left window Expand the following User configuration - preferences =-windows settings and highlight registry.
• In the right hand menu, right click and then move the mouse onto new and then click Registry Item.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

• in New registry properties window make the action create and fill in the hive, path as suggested above. Value type is REG_ DWORD and its value data is 0 to hide. See image below:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Method 2 : Create a ADM file and import into group policy.

Open up a notepad file and copy the text below into the notepad. Then save the file with a name making sure you call it <name>.adm (it needs to be adm for it to be imported into group policy).

CLASS User

CATEGORY !!Custom

CATEGORY !!ExplorerExtras

POLICY !!HideNetworkInExplorer
KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum"
EXPLAIN !!HideNetworkInExplorer_Help
VALUENAME "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY

END CATEGORY

[strings]
Custom="Custom Policies"
ExplorerExtras="Windows Explorer Extra's"
HideNetworkInExplorer="Hide the Network Icon in Explorer 2008/Vista/Windows 7"
HideNetworkInExplorer_Help="Enable this to hide the netowrk icon, disable or unconfigure to show the network icon."

---------------------------------------------------------------------

Once you have create the adm file from the text above next you need to import it into the group policy. To do this follow these instructions.

• On your server, open up group policy management
• Create or edit a new policy under the organisation unit you wish it to deploy to.
• expand user configuration - policies.
• Right click Administrative templates and click Add/remove templates. (see image below)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Once you have browsed to the file and added it the new setting will appear in the group policy editor as show in the image below: