Many posts on this blog talk about various Group Policy settings and how to implement them. Although, Group Policy main focus is to lock down settings on workstations and servers in a domain environment, you can still implement the same measures on workstations in a workgroup environment.
A new policy setting on Windows 8 allows you to lock down your workstation after a period of inactivity. Although, you could lock down a user session based on idle time in previous Windows systems, this setting as a policy is only found on Windows 8 and Windows Servers 2012 systems.
The machine account lockout threshold setting is a new security policy found only on Windows 8 and Windows Server 2012 machines. This new security setting determines the number of failed logon attempts by users before locking down the machine. A locked out machine can only be recovered by providing the BitLocker recovery key at the console. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt.
The default behaviour of Windows during the installation of new device drivers is to search the Windows Update website if it can’t find the drivers it needs within the local driver store. This procedure can be altered or disabled using the Group Policy setting – Specify search order for device driver source locations.
As we have seen in a previous post – Printer Driver Isolation, Microsoft introduced a new feature in Windows 7 and Windows Server 2008 systems that allows users to isolate unstable printers’ drivers, and in the above mentioned post we have seen how to use this feature using the Print Management snap-in. In this post we will see how to enable the same feature using Local Group Policy in Windows 7.
Although, Windows online help may provide users with the latest relevant content, some organizations may still want to disallow it! Organizations may want to save Internet bandwidth or have to comply with specific security requirements and disallow Windows Help to connect online and download updated content. If this is the case, then I suggest that you disable Windows Online Help functionality from through Group Policy as it will generate errors and prompts, every time it tries to connect to the Internet. You can use the Turn off Windows Online Group Policy to prevent the automatic downloading of online Windows Help content.
If you share your computer with other users and find other users’ customizations annoying then, Windows 7 allows you to block such functionality. By default, Windows 7 tracks users’ activities and tries to facilitate life by customizing the system according to the user activity such as, personalized menus, frequent programs list in the Start menu and others. One of the most annoying customizations which can happen when users share the same computer, is when users drag the taskbar to another side of the screen with the taskbar option Auto-hide enabled. Subsequent users may not be aware of such functionality and may not be able to find the taskbar at the side or top of the screen!