Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Reviews
  • Contact
  • Toggle search form

Configure new GPO settings and Security baseline for Windows

Posted on 06/06/202121/08/2024 IT Expert By IT Expert No Comments on Configure new GPO settings and Security baseline for Windows
  1. Home
  2. Windows
  3. Configure new GPO settings and Security baseline for Windows
configure GPO settings

A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy (LGPO or LocalGPO) allows Group Policy Object management without Active Directory on standalone computers. Group policy can be launched via “gpedit.msc” locally or just by typing “gpedit” to launch the Local group policy console. In this guide, I will be discussing how to Configure new GPO settings and Security baseline for Windows 10 21H1. Plese see what is Group Policy Object and how can it be launched in Windows.

They are as follows “show or hide the Most used list from the Start menu”. “Not allow sideloaded apps to auto-update in the background”. “Not allow sideloaded apps to auto-update in the background on a metered network”. “Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria”. “Do not allow location redirection”. And Specify source service for specific classes of Windows Updates”.

Here is how to know what group policies are enabled or analyze GPO computers. Also, see Why use RSAT? How to Install RSAT on Windows 10, and Remote Server Administration Tools: To install RSAT on Windows Server.

Windows 10, version 21H1 is a client only release. Windows Server, version 20H2 is the current Windows Server Semi-Annual Channel release and per our lifecycle policy is supported until May 10, 2022. This Windows 10 feature update brings very few new policy settings. At this point, no new 21H1 policy settings meet the criteria for inclusion in the security baseline. We are, however, refreshing the package to ensure the latest content is available to you. The refresh contains an updated administrative template for SecGuide.admx/adml that are released with Microsoft 365 Apps for Enterprise baseline.

Show or hide the list from the menu

Windows 10 has an option that lets you hide the apps list in the Start menu.

Computer Configuration > Administrative Templates > Start Menu and Taskbar.
Windows 10 21H1
Windows 10 21H1

Via Windows Settings

These settings can also use the Start settings page to hide the all apps list from the menu for a more compact and personal design as shown in the image below.

To do this follow the steps discussed here. Open Settings, and click on Personalisation. Turn on or off the Show app list in the Start menu toggle switch.

configure new GPO settings
Security baseline

If you enable this policy setting, you can configure the Start menu to show or hide the list of used apps. The Start menu will only display the tiles section henceforth. However, the menu will now include two buttons in the top-left corner to switch between all apps and pinned tiles sections.

Both the “Not allow sideloaded apps to auto-update in the background on a metered network” and “Not allow sideloaded apps to auto-update in the background” can be accessed and configured via the Computer Configuration > Administrative Templates > Windows Components.

Computer Configuration > Administrative Templates > Windows Components > App Package Deployment.
configure GPO settings

Disable auto-update for sideloaded apps

Below are the respective settings for “Not allow sideloaded apps to auto-update in the background on a metered network” and “Not allow sideloaded apps to auto-update in the background“.

Security baseline
configure new GPO settings

Apply layered order of evaluation to Allow and Prevent device installation policies across all device match criteria:

Additionally, When this policy setting is enabled. Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create.

Unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:

  • Prevent installation of devices that match these device IDs
  • Prevent installation of devices that match any of these device instance IDs
If the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
Screenshot-2021-06-06-at-17.23.49
Screenshot-2021-06-06-at-17.24.31

Therefore, Both the “Do not allow location redirection” and the “Allow UI Automation redirection” can be found under Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host.

Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection
Screenshot-2021-06-06-at-17.25.57

Do not allow location redirection

This policy setting lets you control the redirection of location data to the remote computer in a Remote Desktop Services session.

  • By default, Remote Desktop Services allows redirection of location data.
  • Similarly, users cannot redirect their location data to the remote computer if you enable this policy setting.
  • Nevertheless, Users can redirect their location data to the remote computer if you disable or do not configure this policy setting.

Allow UI Automation redirection

This policy setting determines whether User Interface (UI) Automation client applications running on the local computer can access UI elements on the server.

Furthermore, UI Automation gives programs access to most UI elements, which lets you use assistive technology products like Magnifier and Narrator that need to interact with the UI to work correctly. However, UI information also allows automated test scripts to interact with the UI.

Screenshot-2021-06-06-at-17.26.15
Screenshot-2021-06-06-at-17.27.11

Security Baseline

Moreover, Microsoft announced the final release of the Windows 10, version 21H1 (a.k.a. May 2021 Update) security baseline package, which can be downloaded from the Microsoft Security Compliance Toolkit. Nonetheless, you can test the recommended configurations and customize/implement them as appropriate in your environment.

I hope you found this blog post on how to Configure new GPO settings and Security baseline for Windows helpful. Consequently, Please let me know in the comment session if you have any questions.

5/5 - (1 vote)

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
Windows Tags:GPO, GPOs, Group Policy Management Console, Group Policy Objects, Grouppolicy, Windows 10

Post navigation

Previous Post: Service and Network Port requirements for Active Directory
Next Post: 802.1x and EAP Authentication Types

Related Posts

  • BitLocker Protection off Update UEFI BIOS to fix issues
    BitLocker Protection off: Update UEFI/BIOS to fix issues Windows
  • AppLocker
    Fix unable to start the Application Identity Service Windows
  • Featured image new
    How to find out who restarted Windows Server Windows
  • RDP Certificate Issues
    Connecting to the RDP host: Fix the Certificate could not be verified back to the root certificate Mac
  • Windows errors 1
    Check Windows Activation Status and troubleshoot activation errors Windows
  • Modernstanby
    Modern Standby: PC is automatically encrypted Windows

More Related Articles

BitLocker Protection off Update UEFI BIOS to fix issues BitLocker Protection off: Update UEFI/BIOS to fix issues Windows
AppLocker Fix unable to start the Application Identity Service Windows
Featured image new How to find out who restarted Windows Server Windows
RDP Certificate Issues Connecting to the RDP host: Fix the Certificate could not be verified back to the root certificate Mac
Windows errors 1 Check Windows Activation Status and troubleshoot activation errors Windows
Modernstanby Modern Standby: PC is automatically encrypted Windows

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • screenshot 2020 03 31 at 22.22.43
    How to create, edit and delete a scheduled task via the Command Prompt Windows Server
  • remote desktop connection 5 1280x720 1
    How to view and remove Remote Desktop connection history Windows
  • Secure Web Server
    How to secure a Web Server on a Windows VM in Azure using TLS/SSL Certificates Saved in Azure Key Vault AWS/Azure/OpenShift
  • feature image sublime text 4
    How to install Sublime Text 4 on Ubuntu Linux
  • ansible vault
    Concept of Ansible on Windows using Cygwin Configuration Management Tool
  • Customizing Windows PE
    Steps to customize Windows PE boot images Windows
  • banner
    How to hide Folders and Files from Search Results in Windows Windows
  • amazon ec2 multiple ips 1
    What to note before assigning Multiple IPs’ to an Instance AWS/Azure/OpenShift

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,784 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.