Disable Useless GPO's?


Home     Sitemap


www.diy-computer-repair.net logo

Disabling A Windows 7 Group Policy, Bad Idea?

There are a lot of useless group policy (GP) settings in the Windows 7 / 8 / 10 Operating Systems ...

When you disable a Service do you also disable the corresponding (if there is one) GP?

Beginning with Windows 2000 security and control of the computer hardware and services was added to improve how the Operating System interacted with the installed software and the GUI for the user.

The new functions were called Group Policies (GP), some are optional, some are required.

From a security point of view the GP can be a blessing or a nightmare. Originally only a few were interactive with other GP's but as the system grew so did the interaction with other services and functions.

When Vista was released it had over 300 Group Policies, out of these over 100 were interactive.

When one Group Policy interacts or is dependent on or  with another Group Policy you can not disable it.

It maybe written in such a way that if you modify the functions at all the other dependent or interactive Group Policies will fail.

This could be a very bad thing in that if you turn off the wrong GP your Operating System may not start and here is the bad news: You can not modify the GPOs with out the OS running.

There are two ways to correct a GP that was disabled when it needs to be either "Not  Configured" or "Enabled". One way is to install the Operating System again. The other way is to have an exact copy of the GP files and boot from an external device then copy the new GP files in to the correct folder.

Note: You will notice I have not gave the names of the files nor did I give the exact path to the folder where the files reside. The reason I do this is to keep someone from mucking up their OS, if you really need to know then you will need to do some research and study of Group Polices.

When XP was released there were four or so interactive or dependent GP and for the most part these could be disabled if you disabled the other GPs that were dependent with out ill effect to the OS or any installed user programs.

You need this in your IT Tool Box! Get yours today...

Troubleshoot, repair, maintain, upgrade & secure...

    With this!

When Vista was introduced there were more interactive GPs and turning off the wrong one would cause you a heap of problems, from the desktop not displaying ICONs to programs not opening when commanded to do so.

This intertwining or dependent on other Group Policy's causes a lot of problems not only for the Systems Admin that needs to lock down Operating Systems to keep hackers out, users from doing things the company doesn't want them to be doing while working, to users that want a more stable and secure computer.

Case in point: the GPO for licensing software, if you disable it then none of the functions of the Operating System that you use to configure the Operating System will work, that is all the Control Panel functions will be disabled.

This is one of the big security holes in the Vista / Windows 7 Operating Systems that if you leave it enabled or Not Configured a hacker can gain access to your computer, not just the OS but the drives and your data.

It is a Catch 22, do you disable it and make your computer secure and do with out the functions of the Control Panel? Or do you leave it enabled or Not Configured (which means it is enabled by default) and your computer wide open for hackers/thieves?

One thing you could do is disable it once you have your computer functioning the way you like it and if you need the Control Panel functions enable it, do you work with the control panel then disable it once again.

This makes it a little hard to control the Firewall settings because once you disable the GP then you can not open the Firewall applet to add or remove rules.

If you notice you can not access the Control Panel on a Windows 7 computer at work that would indicate that the IT department has disabled the Software Licensing GPO. And because it is a Domain Machine GP you can not enable it on your computer.

The more I learn about Windows 7 the closer I come to the conclusion that this may turn in to a nightmare for the normal user that would like to use safe guards to keep their data out of the hands of thieves.

Bottom line is if you are going to experiment with Vista / Windows 7 GPOs either do it in a Virtual Machine or have an image of the Operating System because once you disable the wrong GPO you have no choice but to reinstall the OS.

This e-book lists all the safe to disable useless Group Policy and services...

My $0.02 ...  :(

Emergency Repair
isk (ERD) - Will Yours Work?

Repair Disk

Custom made for you...

You keyboard isn't thirsty, and it doesn't need calcium. Milk and other liquids will ruin a keyaboard!

This Web
Site is a
labor of Love
But Love
doesn't pay
the bills!

Please chip in $5 to keep it live...

Need A Checklist?

Need A Repair Manual?

    Page copy protected against web site content infringement by Copyscape

You can:

Return to
previous page:





Thank you for visiting my web site, and please come back again.

This website is not intended for children under the age of 18

Author of this web site: Monte Russell

FTC Endorsement Rules
All testimonials on the DIY Computer Repair web site are from customers who were not paid to comment on any products!

The Flag of The United States of America!   Proudly Made in The U. S. A.

Copyright and Registered to www.diy-computer-repair.net, all thieves will be prosecuted to the fullest extent of international law!www.diy-computer-repair.net

From the Desert South West ~ Arizona, U. S. A.
Copyright DIY-Computer-Repair.Com 2006-2016


"You found this web site through:"

Active Search Results

Return to top of Group Policy

Group Policy

Home    About    Sitemap
Fix It Blog!

From the Desert South West ~ Arizona, USA
Copyright www.diy-computer-repair.net 2006-2015