How to Disable Control Panel using Group Policy

Windows Control Panel allows you to modify settings so you can customize the look and functionality of Windows to suit your needs. However, in a business network, you may not want your users to be able to modify these settings. To restrict user access to items in the Control Panel, you can use Group Policy. With a Group Policy Object (GPO), you can block the entire control panel functionality or allow users to have access to specific items within the control panel.

In this guide, we will look at the native method for disabling Control Panel using Group Policy.

Steps to Disable Control Panel

The following steps explain how to create and link a new group policy and configure the settings that will disable Control Panel access.

Step 1: Create and Link a new GPO

  • Open the Group Policy Management Console
  • In the Group Policy Management Console, browse to the OU, right-click it, and select “Create a GPO in this domain, and Link it here”. Name the GPO and then link it to an OU.

Step 2: Configure GPO Settings

  • Right-click the GPO and select Edit.
  • Browse to User Configuration, Policies, Administrative Templates, Control Panel. On the right-hand side, right-click the setting “Prohibit access to control panel and PC settings” and select Edit.

    The “Prohibit access to control panel and PC settings” group policy setting moderates Control Panel access for users. The following options can be configured:

    Enabled: When you enable this setting, it prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting.

    Disabled: When disabled, users will have access to the Control Panel and all the items.

    Not Configured: It means the policy has no effect. The Control Panel is accessible to all users.

    • Select Enabled to remove the Control Panel from the start screen and File Explorer for users. If users try to select a Control Panel item from the Properties item on a context menu, a message will appear explaining that a setting prevents the action.
    • Click Apply and OK. Close the Group Policy Management Editor.

    After the group policy object is configured, you will need to link the GPO to an OU if you haven’t already done so. You can also link it to the domain, but doing so will make the GPO applicable to every computer in the domain, so this is not advised. The best way is to choose a test OU, connect your GPO, and test the policy settings.
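The same two steps can be scripted and then verified with the GroupPolicy PowerShell module. The script below is an added example, not part of the original guide; the GPO name and the test OU distinguished name are assumptions to replace with your own, and `NoControlPanel` is the registry-based policy value this Administrative Template setting writes.

```powershell
#Requires -Modules GroupPolicy
# Assumed names (not from the guide): replace with your own GPO name and test OU.
$GpoName = 'Disable Control Panel (test)'
$TestOu  = 'OU=TestUsers,DC=example,DC=com'

# Registry-based policy value behind
# "Prohibit access to Control Panel and PC settings" (User Configuration).
$Key       = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoControlPanel'

# Step 1: create the GPO if it does not exist, then link it to the test OU.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Blocks Control Panel and PC settings'
}
$linked = (Get-GPInheritance -Target $TestOu).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TestOu -LinkEnabled Yes | Out-Null
}

# Step 2: set the policy to Enabled (DWORD 1).
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName `
    -Type DWord -Value 1 | Out-Null

# Verify what is stored in the GPO rather than trusting the write.
$stored = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName
if ($stored.Value -ne 1) {
    throw "GPO '$GpoName' does not contain $ValueName = 1"
}

# This is a user-side setting: it is ignored if user settings are disabled on the GPO.
if ($gpo.GpoStatus -in 'UserSettingsDisabled', 'AllSettingsDisabled') {
    Write-Warning "User settings are disabled on '$GpoName'; the policy will not apply."
}

# Keep a report of the configured GPO as a change record.
Get-GPOReport -Name $GpoName -ReportType Html `
    -Path (Join-Path $env:TEMP 'disable-control-panel.html')

# Run on a test client as an affected user, after 'gpupdate /force':
# returns $true when the policy value has reached the user's registry hive.
function Test-ControlPanelBlocked {
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $item = Get-ItemProperty -Path $path -Name 'NoControlPanel' -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.NoControlPanel -eq 1)
}
```

On the test client, `gpresult /r /scope user` should also list the GPO under the applied Group Policy Objects.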

    How Lepide can Help

    The Group Policy Auditing tool from Lepide gives you more visibility over the changes being made to your Group Policy Objects. Every change is monitored, and when a critical change is made, the administrator can receive a real-time alert and has the option to roll back unwanted changes to their previous state. This allows administrators to maintain a policy of least privilege and ensure the security policies of the organization remain intact.
