
How to configure internet options for local group policy

July 21, 2020 by Kurt Ellzey

Does this sound familiar?

"Welcome to Monopoly!" "All right, now we're going to go with auctions if you don't buy." "Why? That's so annoying!" "Because if we don't, it takes forever." "All right, fine, but I want money if I land on Free Parking." "Fine, if that's what it takes. But I want ‘even build houses’ too. I'm not letting you throw a hotel up on Boardwalk first thing again." "OK, OK, let's start the game already."


The board game Monopoly has a lot of rules associated with it. What it also has is a lot of possible features that can be approved or ignored, house rules and other options that can tweak the experience for the players. Because it is such a huge game, owned by millions of people across the world, it really tries its best to fit the needs of whoever wants to play. The fact that there are so many officially sanctioned variants is a testament to that.

By the same token, Windows 10’s Internet Options also have a lot of potential modifications that can be tweaked. This is very visible if you take a look at all of the settings available within Internet Explorer for example, but it can take some serious diving to find them all if you try to do it directly within the program itself. In addition, if you have multiple users on the same system, it can be difficult to make sure that everyone has all of the same settings if done manually. Fortunately, Local Group Policy has this covered.

Why local group policy?

To start with, Local Group Policy is simply a set of standardized rules that can be applied across a system — regardless of how many users are on it. 

Local Group Policy is a lot like standard Active Directory Group Policies, but with a few obvious exceptions. First, it cannot be applied over multiple machines without additional help: it is local only to the particular machine you are setting it up on. Second, for the most part, you're stuck with the default Microsoft settings, but for our purposes today, that will be more than enough. Third, normal Active Directory Group Policies require a domain-joined Windows PC to function; however, Local Group Policies work on all versions of Windows.

Local Group Policy is particularly useful when it comes to Internet Options, and thus Internet Explorer and other web browsers. This is because Internet Explorer, more than any other modern web browser, has been the enterprise browser of choice since 1997 with the introduction of support for Group Policy. This has allowed organizations to roll out rules and standards across their entire environment with only one set of centralized changes, thus reducing maintenance time considerably. 

Accessing local group policy

To get to Local Group Policy, we are going to want to click on Start and type in “Edit Group Policy.”

 

Once you select this option, a screen for “Local Group Policy Editor” will appear.

 

There are two sets of settings for Internet Explorer, with options split between them. Additionally, the wording can sometimes make it difficult to figure out exactly what a setting does, so please be sure to double-check before making your modifications.

The first set of settings is available under Computer Configuration → Administrative Templates → Windows Components → Internet Explorer. The second can be found at a very similar relative location under “User Configuration.”

Between these two locations, there are options available for almost every setting in Internet Explorer, including Security Settings, Enterprise Mode for legacy websites, Default Bookmarks and tons more.

Using local group policy

For a quick example, we'll deal with a basic function that many organizations have to deal with for one reason or another — setting a standard home page. 

To do this, we'll be going down the User Configuration side, so this means User Configuration → Administrative Templates → Windows Components → Internet Explorer. 

The specific setting we're going to be looking for is “Disable changing home page settings.” While this may not sound like it's what we want at first, it does have the settings required to set a standard home page, and then lock out that setting from user modification. 

Here is where wording becomes critical because of a major issue in how the Group Policy Settings are applied. We want to ENABLE this setting in order to DISABLE user changes. 

Once we have enabled this setting, the Home Page dialog box will become editable and we can put whatever address we wish in there. Afterward, click “Apply” and “OK” and our Group Policy modification will take effect.

In order to make sure that any applied Group Policy modifications take effect immediately, you can either restart the system or run a gpupdate /force command. To do this, go to Start and run “Command Prompt.” Once Command Prompt has opened, run the command gpupdate /force to apply Group Policy.
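
To confirm the setting actually applied after the refresh, the check below reads the values this policy writes under the current user's policy registry key. It is an added example, not part of the original article; the registry locations are those the Internet Explorer administrative template (inetres.admx) maps this setting to, and the URL and function name are placeholders.

```powershell
# Added example: confirm the home page lock for the current user.
# $ExpectedHomePage is a constructed placeholder; Test-HomePagePolicy is a
# hypothetical helper name, not a built-in cmdlet.
$ExpectedHomePage = 'https://intranet.example.com/'

function Test-HomePagePolicy {
    param([Parameter(Mandatory)][string]$ExpectedUrl)

    $base = 'HKCU:\Software\Policies\Microsoft\Internet Explorer'

    # "HomePage" = 1 locks the home page field; "Start Page" holds the enforced URL.
    # A missing key or value yields $null, which is reported as non-compliant.
    $lock = (Get-ItemProperty -Path "$base\Control Panel" -Name 'HomePage' `
                -ErrorAction SilentlyContinue).HomePage
    $url  = (Get-ItemProperty -Path "$base\Main" -Name 'Start Page' `
                -ErrorAction SilentlyContinue).'Start Page'

    [pscustomobject]@{
        User        = "$env:USERDOMAIN\$env:USERNAME"
        Locked      = ($lock -eq 1)
        EnforcedUrl = $url
        Compliant   = ($lock -eq 1) -and ($url -eq $ExpectedUrl)
    }
}

# Refresh user policy, then check what landed in the registry.
gpupdate /target:user /force | Out-Null

$result = Test-HomePagePolicy -ExpectedUrl $ExpectedHomePage
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning 'Home page policy is missing or does not match the expected URL.'
    exit 1
}
```

Because this is a User Configuration setting, run the check in the session of each user whose settings you want to confirm.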

If you do need to deploy Local Group Policies across multiple systems, it is not as easy as Active Directory but it is certainly still possible. To do this, once you have configured your policies correctly on one machine, navigate to the following location:

  • %systemroot%\system32\GroupPolicy

Copy all files in this directory to a target system, then either reboot or perform a gpupdate /force as noted above. Once this has been done, the new policies will go into place.
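
The copy step above, scripted for the target machine with a backup of the existing policy store and a hash check of the result. This is an added example, not from the original article; the function names and the D:\GroupPolicy source path are hypothetical, and it must run from an elevated PowerShell session on the target.

```powershell
# Added example: import a Local Group Policy store that was copied from a
# configured machine. Run elevated on the TARGET system.
# Get-StoreHashes, Import-LocalGroupPolicy and D:\GroupPolicy are hypothetical names.
function Get-StoreHashes {
    param([Parameter(Mandatory)][string]$Root)
    # Map each file's path (relative to the store root) to its SHA-256 hash.
    $rootFull = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')
    $map = @{}
    Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($rootFull.Length)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $map
}

function Import-LocalGroupPolicy {
    param([Parameter(Mandatory)][string]$SourcePath)

    $dest = Join-Path $env:SystemRoot 'System32\GroupPolicy'

    # Importing overwrites this machine's local policy, so keep a rollback copy.
    if (Test-Path -LiteralPath $dest) {
        $backup = "$dest.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
        Copy-Item -LiteralPath $dest -Destination $backup -Recurse -Force
    }

    # The GroupPolicy folder is hidden; -Force makes hidden items visible.
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Get-ChildItem -LiteralPath $SourcePath -Force |
        Copy-Item -Destination $dest -Recurse -Force

    # Verify every source file arrived intact before refreshing policy.
    $src = Get-StoreHashes -Root $SourcePath
    $dst = Get-StoreHashes -Root $dest
    $bad = @($src.Keys | Where-Object { $dst[$_] -ne $src[$_] })
    if ($bad.Count -gt 0) {
        throw "Copy verification failed for: $($bad -join ', ')"
    }

    gpupdate /force
}

Import-LocalGroupPolicy -SourcePath 'D:\GroupPolicy'
```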

Local Group Policy fills a very critical gap in standardization between individual workstations and full domains. If your organization has a large number of systems, but isn't quite at the level to require Active Directory, it can be a really great tool to provide a level of standardization and security that would be difficult to handle if you were requesting each user to perform changes themselves.

For more recommendations on Local System security, as well as additional recommendations and courses, please be sure to visit Infosec!


Kurt Ellzey

Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.