Group or Local Policy

Notes

IMPORTANT! Changing policy setting can have some profound and restrictive effects that may not be apparent to users. Additionally when a computer is re-assigned to another area or role these policy setting will not automatically change when set at the local machine level. Use local machine settings only for specific purposes. “Blanket” or domain wide policies should be applied using domain and not local policies. In all cases use caution and make sure to read and understand the setting you are applying. And if possible make notes where special or unique policies are applied.

Adding Administrative Templates

Administrative Templates are registry-based policy settings that appear in the Local Group Policy Editor under the Administrative Templates node of both the Computer and User Configuration nodes. This hierarchy is created when the Local Group Policy Editor reads XML-based Administrative Template files (.admx).

Microsoft has Administrative Templates availble for each version of Office and Internet Explorer. Templates are saved in \\operations\resource\IT Shared\Domain Policy Admin Templates\, or can be downloaded from Microsoft's Download Center (http://www.microsoft.com/en-us/download/).

In general it is not recommended to apply specific policies to individual computers, largely because it is difficult to document and keep track of. In the circumstances where it is needed do the following:

  • Download and unzip the appropriate template set.
  • Copy the needed template to '%systemroot%\PolicyDefinitions'.
  • Some templates utilize multiple files. For example Outlook 2013, outlk15.admx and outlk15.adml. Both files must be placed in the appropriate loacations.
  • The next time you open gpedit.msc you should be able to edit the new settings for the local policy.

Local Poilicies

Disable Cached Exchange mode

On a publicly used computer (such as a conference room) if users are allowed to use the full version of outlook, you may want to disable the “Cached Exchange Mode”. This will help keep individual logon account small and load faster.

  • Get the Administrative template for the correct version of Outlook
  • Copy the file(s) to C:\WindowsPolicyDefinitions\
  • Open gpedit.msc
  • Navigate to User Configuration > Administrative Templates > Microsoft Outlook <version> > Account Settings > Exchange > Cached Exchange Mode
  • Find “Use Cached Exchange Mode for new and existing Outlook profiles” and set it to “Disabled”
  • You may also need to disable “Cached Exchange Mode (File | Cached Exchange Mode)”

Any time you make a change to a Local Policy make sure to clearly document the setting so that changes can be made effectively if necessary.

Force the Online Global Address List

This policy setting allows you to force Outlook to use the Online Global Address List for ambiguous name resolution when composing messages in Outlook, instead of using the Offline Address Book when it is available.

If you enable this policy setting, addresses are resolved using the Online Global Address List, which may contain additional information (that the Offline Address Book would not have) that allows an address to be resolved.

If you disable or do not configure this policy setting, Outlook resolves addresses using the Offline Address Book when it is available.

  • Get the Administrative template for the correct version of Outlook
  • Copy the file(s) to C:\WindowsPolicyDefinitions\
  • Open gpedit.msc
  • Navigate to User Configuration > Administrative Templates > Microsoft Outlook <version> > Account Settings > Exchange > Cached Exchange Mode
  • Find “Use the Online Global Address List for Nickname Resolution”
  • Set to Enabled

IE Defaults

Set Default Search Provider

This ADM file has been tested as far as IE 11 on Windows 7

  • Download the ADM Template file to the subject computer. [Download]
  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Right-click on “Administrative Templates” and choose “Add/Remove Templates”
  • Click the ADD button, browse to the ADM file you downloaded, select the file and click the OPEN button
  • If the new template is listed click the CLOSE button
  • Find the new options:
    User Configuration » Administrative Templates » Classic Administrative Templates » Windows Components » Internet Explorer
  • Enable the policy and check the box for Google

Restrict Search Providers to a Specific List

This setting goes hand-in-hand with Set Default Search Provider above.

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Restrict search providers to a specific list”

Prevent Changing the Default Search Provider

This setting goes hand-in-hand with Set Default Search Provider above.

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Prevent changing the default search provider”

Disable Changing the Default Browser Check

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Disable changing the default browser check”

Prevent Running First-Run Wzard

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Prevent running first run wizard”
  • Choose “Go directly to Home Page” in drop down

Notify Users if Internet Explorer is not the Default Browser

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and DISABLE the option “Notify users if Internet Explorer is not the default browser”

Turn on Menu Bar by Default

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Turn on menu bar by default”

Turn off Favorites Bar

  • Open the policy editor on the subject pc. Start » gpedit.msc
  • Expand “User Configuration”
  • Navigate to:
    User Configuration » Administrative Templates » Windows Components » Internet Explorer
  • Find and enable the option “Turn off favorites bar”
Last modified:: 2016/03/19 16:03