There are a lot of useless group policy (GP) settings in the Windows 7 / 8 / 10 Operating Systems ...

When you disable a Service do you also disable the corresponding (if there is one) GP?

Beginning with Windows 2000, security and control of the computer hardware and services were added to improve how the Operating System interacted with the installed software and the GUI for the user.

The new functions were called Group Policies (GP); some are optional, some are required.

From a security point of view the GP can be a blessing or a nightmare. Originally only a few were interactive with other GPs, but as the system grew so did the interaction with other services and functions.

When Vista was released it had over 300 Group Policies; of these, over 100 were interactive.

When one Group Policy interacts with or is dependent on another Group Policy, you cannot disable it.

It may be written in such a way that if you modify the functions at all, the other dependent or interactive Group Policies will fail.

This could be a very bad thing: if you turn off the wrong GP your Operating System may not start, and here is the bad news: you cannot modify the GPOs without the OS running.

There are two ways to correct a GP that was disabled when it needs to be either "Not Configured" or "Enabled". One way is to install the Operating System again. The other way is to have an exact copy of the GP files, boot from an external device, and then copy the new GP files into the correct folder.

Note: You will notice I have not given the names of the files, nor did I give the exact path to the folder where the files reside. The reason I do this is to keep someone from mucking up their OS; if you really need to know, then you will need to do some research and study of Group Policies.

When XP was released there were four or so interactive or dependent GPs, and for the most part these could be disabled, if you also disabled the other GPs that were dependent, without ill effect to the OS or any installed user programs.

When Vista was introduced there were more interactive GPs, and turning off the wrong one would cause you a heap of problems, from the desktop not displaying icons to programs not opening when commanded to do so.

This intertwining with, or dependence on, other Group Policies causes a lot of problems for everyone, from the Systems Admin who needs to lock down Operating Systems to keep hackers out and to keep users from doing things the company doesn't want them to be doing while working, to users who want a more stable and secure computer.

Case in point: the GPO for licensing software. If you disable it, then none of the functions of the Operating System that you use to configure the Operating System will work; that is, all the Control Panel functions will be disabled.

This is one of the big security holes in the Vista / Windows 7 Operating Systems: if you leave it enabled or Not Configured, a hacker can gain access to your computer, not just the OS but the drives and your data.

It is a Catch-22: do you disable it and make your computer secure and do without the functions of the Control Panel? Or do you leave it enabled or Not Configured (which means it is enabled by default) and your computer wide open for hackers/thieves?

One thing you could do is disable it once you have your computer functioning the way you like it and, if you need the Control Panel functions, enable it, do your work with the Control Panel, then disable it once again.

This makes it a little hard to control the Firewall settings, because once you disable the GP you cannot open the Firewall applet to add or remove rules.

If you notice you cannot access the Control Panel on a Windows 7 computer at work, that would indicate that the IT department has disabled the Software Licensing GPO. And because it is a Domain Machine GP, you cannot enable it on your computer.

The more I learn about Windows 7, the closer I come to the conclusion that this may turn into a nightmare for the normal user who would like to use safeguards to keep their data out of the hands of thieves.

Bottom line: if you are going to experiment with Vista / Windows 7 GPOs, either do it in a Virtual Machine or have an image of the Operating System, because once you disable the wrong GPO you have no choice but to reinstall the OS.

My $0.02 ...  :(

