How to set up and work with Windows 10 local security policy

Why does Windows need a local security policy?

Group (local) security policy (GSP/LPB) is software that ensures the consistent and most efficient operation of computers in a company or institution. Having high productivity while saving time and resources is all about you if you have group connection settings running on PCs and laptops running Windows: together these computers form a single whole that helps your office grow and develop further. This requires them to be connected to the same domain.

Which version of Windows 10 is suitable for Group Policy settings

You need Professional/Enterprise - it is used by employees of private companies and government employees. The fact is that the Home/Starter version, intended for ordinary users, does not have the gpedit.exe (Group Politics Editor) component - its forced installation is required.

Why is there no GPEdit tool in Windows Home/Starter?

In Home/Starter, GPB is represented only by the “Group Policy Client” service, which can be disabled completely. And why is it necessary if access to advanced settings is closed? This was done to prevent changes made to OS settings by malware under the administrator's name.

Where is the local security policy located and how does it work?

Dozens local security tools are managed by the Group Policy Client service. If this service is disabled, the Group Politics Editor will not start or will fail to configure.

Launching the Windows 10 Local Security Policy Editor

Give the command “Start - Run” and enter the command gpedit.msc in the line that opens.

Confirm your entry by clicking OK

You can also launch the editor by entering “gpedit” in the search for the main menu of Windows 8/10.

Group Policy Editor functionality

Setting up the GPB service includes:

Create a shortcut for quick launch

Windows 10 Task Manager - where it is and how to open it

In order not to write commands each time and not to switch to other utilities, you can create a regular program shortcut, which, when double-clicked with the left mouse button, will open the policy editor. To implement it you should:

1. Go to the desktop and right-click on any area free of icons and files.
2. Select the “Create” item from the context menu, and then the “Shortcut” sub-item.
3. Specify the path to the file: C:\Windows\System32\gpedit.msc and click on “Next”.
4. Come up with a name for the shortcut, after which it will move to the desktop.

How to disable local security policy

You need to disable the Group Policy Client service. But it is “built into” Windows 7/8/10 so firmly that it is impossible to stop and deactivate it using the built-in service configuration wizard called from the task manager.

The most effective way is to interfere with the system registry. Do the following:

1. Go to the familiar “Run” program launcher and enter the “regedit” command. The Registry Editor will open.
2. Go to the \HKLM\SYSTEM\CurrentControlSet\Services\gpsvc directory (the gpsvc.exe process, visible in the task manager when the Group Policy Client is running, is launched by the Windows registry from this location).
3. Right-clicking will open the "gpsvc" folder menu - select "Permissions".
   In the registry editor, find the “gpsvc” folder, click “Permissions”
4. Select a different owner by going to advanced security options.
   Without changing the name you will not be able to get full access to the gpsvc process
5. Check all permissions.
   It is advisable to remove unnecessary users from the settings for unlimited access to the service. Check all permissions, remove unnecessary users from the additional access settings in the “Groups or users” column
6. Go back to the gpsvc folder in this registry directory and change the Start key to 4 (Disabled).
   In the gpsvc folder, change the Start key by entering the value 4, and the system will turn off
7. Close all windows by clicking OK and restart your computer.

That's not all! You will be bothered by a message in the tray about the Group Policy Client service not working.

It will appear every time, remove it

To remove it, do the following:

First save this folder into a separate registry file.

This is done in case the service needs to be quickly restored without reinstalling Windows. After deleting the folder, restart your computer - the notification will no longer appear.

Windows 10 Local Security Policy won't turn on

The reasons why the service does not turn on are as follows:

• you downloaded an OS build in which this component is disabled. The registry code will help you (you can save and run it as a separate reg file): Windows “EnableInstallerDetection”=dword:00000001. Restart your computer after running the created tweak;
• you are using Win 10 Home. Install the “Local Security Policy” service yourself if you do not have the Professional or Enterprise build. Use the instructions for Windows 7 and do the same for Windows 10;
• There are not enough rights, you need “admin” rights. To enable the administrator account, use the command “net user administrator /active:yes” at the command prompt and log in as an administrator. Try to start the GPB editor again using the methods known above. As soon as you no longer need GPEditor and you disable the service, log out of the administrator account and turn it off with the command “net user administrator / active: no”.

Video: How to install Group Policy Editor on Windows

Windows group security services and processes are a useful tool that can help you a lot in your work. When it's not needed, it's easy to turn it off.

Are you trying to launch the Local Group Policy Editor using the gpedit.msc command in Windows 10 Home? And you get the error “Cannot find gpedit.msc. Check if the name is correct and try again"? The fact is that the home edition simply doesn’t have it. The lack of a Group Policy Editor in Windows 10 Home is a headache for home users. They are limited in the operating system settings. All simple manipulations that can be performed quickly and easily using Group Policy have to be edited through the registry editor, which is very incomprehensible, confusing and difficult for ordinary users.

Group Policy is a tool that allows network administrators to change the ability to enable or disable many important settings. Contains all the settings that can be changed via the desktop in a couple of clicks, but unfortunately Microsoft does not include the Gpedit function in the Windows 10 Home edition. And accordingly, home users have to change the “kosher” settings through the registry.

Activate Local Group Policy Editor Gpedit.msc in Windows 10 Home

Windows 10 doesn't have a built-in tool that can enable the Local Group Policy Editor. Thus, the only way is the help of a third-party Policy Plus utility with a Russian interface.

Policy Plus

Policy Plus is a free program that perfectly activates the local group policy editor “Gpedit.msc” in Windows 10 Home. This tool is licensed to run on Windows 10, so you can run it without any violation issues. Policy Plus resembles the real Windows 10 Group policy editor.

Step 1

.
Download Policy Plus from the Github repository
. Once the download is finished, open the file and you will immediately get a simple, clean interface that has all the policy options in categories and subcategories.

Step 2

.
Click Help
and then
Acquire ADMX Files.
In the window that appears, click “
Begin
”. This will download the full set of policies from Microsoft.

Step 3

. You can start adjusting the settings of your Windows 10 Home system.

Are you trying to launch the Local Group Policy Editor using the gpedit.msc command in Windows 10 Home? And you get the error “Cannot find gpedit.msc. Check if the name is correct and try again"? The fact is that the home edition simply doesn’t have it. The lack of a Group Policy Editor in Windows 10 Home is a headache for home users. They are limited in the operating system settings. All simple manipulations that can be performed quickly and easily using Group Policy have to be edited through the registry editor, which is very incomprehensible, confusing and difficult for ordinary users.

Group Policy is a tool that allows network administrators to change the ability to enable or disable many important settings. Contains all the settings that can be changed via the desktop in a couple of clicks, but unfortunately Microsoft does not include the Gpedit function in the Windows 10 Home edition. And accordingly, home users have to change the “kosher” settings through the registry.

Difference from Registry Editor

How to open Registry Editor in Windows 10

If you pay attention to the functionality and capabilities of these built-in Windows utilities, you can quickly notice that LGP configurations are superior to the registry tweaker in this path. This is explained by the fact that when editing GPU settings, network administrators always see and understand what they are working with. There are no complicated parameter paths or scripts in this program that can only be understood by experienced users.

The registry editor is significantly different from RLGP

When making any changes in the LGP Editor program, they will always be automatically accepted in the system registry by the Windows operating system. The opposite is also true: if you make the necessary changes to the keys in the registry settings, then the values ​​in the RLGP will also be changed before their subsequent adjustment.

There is one very interesting fact: group policies of the Windows 10 operating system automatically update registry entries at certain time intervals. This is necessary to keep everything in working order.

Note! Typically the time interval is in the range of half an hour to one and a half hours. If the user wants, this setting can be changed.

Activate Local Group Policy Editor Gpedit.msc in Windows 10 Home

Windows 10 doesn't have a built-in tool that can enable the Local Group Policy Editor. Thus, the only way is the help of a third-party Policy Plus utility with a Russian interface.

Policy Plus

Policy Plus is a free program that perfectly activates the local group policy editor “Gpedit.msc” in Windows 10 Home. This tool is licensed to run on Windows 10, so you can run it without any violation issues. Policy Plus resembles the real Windows 10 Group policy editor.

Step 1

.
Download Policy Plus from the Github repository
. Once the download is finished, open the file and you will immediately get a simple, clean interface that has all the policy options in categories and subcategories.

Step 2

.
Click Help
and then
Acquire ADMX Files.
In the window that appears, click “
Begin
”. This will download the full set of policies from Microsoft.

Step 3

. You can start adjusting the settings of your Windows 10 Home system.

Users of Windows 10 who have Starter or Home editions are facing an issue when running the gpedit.msc command. The message appears on the screen: “Cannot find “gpedit.msc”. Check that the name is correct and try again." Why the local group policy editor (which is called by the gpedit.msc command) is not found in Windows 10, read within the framework of this article.

Installing Group Policy Editor

If you cannot find gpedit.msc in Windows 7, 8, 10, you can use the installation of a special patch. It is worth noting that the installer has an English interface. Therefore, before installing the editor, you should try other methods that will help resolve the error.

Ways to resolve error 0xc0000225 in Windows 7, 8, 10

Preparation and installation

It is important that before installing the patch, be sure to create restore point to avoid system failures. If the point is not created, you cannot roll back to the previous system settings.

First, let's figure out how to install on 32-bit Windows:

• unpack the archive and run the file with the extension “exe”;
• Next, the installer wizard window will open, click on the “ Next ” tab;
• then we start the installation process by clicking “ Install ”;
• after finishing, click “ Finish ”;
• Launch the Editor using the keyboard shortcut “ Win ​​+ R ”.

Installation features on x64 systems

In turn, on a 64-bit system the process of installing the patch will be slightly different:

• download the archive and install the application;
• then open Explorer, copy “C:\Windows\SysWOW64” into the search bar (the drive letter can be any, depending on where the OS is installed);
• after going to the desired directory, while holding down the “Ctrl” key , select the following components: “GPBAK”, “GroupPolicyUsers”, “GroupPolicy”, and “gpedit.msc”. Right-click on the selected objects and select “ Copy ”;
• then type “Windows” into the search bar of Explorer, go to the “ System32 ” folder, right-click on an empty space, and click “ Paste ”;
• then a window will open, select “ Copy with replacement ”;
• in the new window “No access to target folder”, click “ Continue ”;
• return to the search line, enter the command “%WinDir%/Temp ”. This folder is a storage for temporary files;
• We look for temporary files with the names: “gpedit.dll”, “appmgr.dll”, “fde.dll”, “fdeploy.dll”, “gptext.dll”. Select them, right-click, select “ Copy ”;
• We return to the previous directory and paste the copied files with replacement. Afterwards you will need to restart your computer;
• launch the editor using the “ Run ” utility or through search.

Thanks to the action performed, the utility should be launched. If this does not happen, you will need to perform the following operations.

Additional actions:

• download and install the program. When the installation is complete, do not click “ Finish ”. Leave the installation wizard window open;
• go to Explorer, enter the request “%WinDir%/Temp/gpedit ”;
• click on the executable file “x86.bat” for a 32-bit system, “x64.bat” for a 64-bit system;
• then we try to run the utility .

MMS error when opening gpedit.msc

This error most often occurs to the user when the account name contains several characters or spaces, for example, “Admin_PC”. When you run the utility, the window will display the information “MMC Management Console cannot create the snap-in.”

To solve the problem you need to do the following :

• It is necessary to install the above-mentioned patch installation. When the process is complete, there is no need to click “ Finish ”;
• then go through the search bar of the explorer to the “ Gpedit ”
• We look for files with the names “x86.bat” and “x64.bat”, right-click on one of them, depending on the bit depth of the installed system. In the context menu, select “ Change ”;
• The code for this element will open in notepad; it needs to be changed. On the work panel, select “Edit” and “ Replace ”;
• in the “What” field enter the command “%username%:f ”, in the “What” line enter “%username%:f ”, click “Replace all”, save the result;
• go back to the “Gpedit” directory, run the modified file as administrator. Then in the installation wizard, click “ Finish ”.

Cannot resolve the server's DNS address - fixing the error

Other Possible Problems

In addition to the above, for the editor to work correctly, you must install the latest version of the .NET Framework software component. If you have previously installed this software, you must enable it.

enable the ".NET Framework" as follows:

• go to the control panel ;
• select “ Programs and Features ”;
• in the left column, open the “Turn Windows features on or off” tab;
• Check “NET Framework 3.5 (includes NET 2.0 and 3.0)” checkbox

About the editor

The Local Group Policy Editor is essentially a registry editor with a graphical interface. It is designed for fine-tuning Windows. At the moment, the developers have cut out the editor in the Home and Starter versions, leaving it in Windows 10 Professional (Pro) and Enterprise (Enterprise). Officially, you won’t be able to use the editor in versions where it is cut out, so users can make the necessary settings in the registry editor. But you can return a custom “graphical interface editor”.

Advice! Special tables from Microsoft will help you find out how editor policies correspond to registry values: Group Policy Settings Reference for Windows and Windows Server.

How to install?

There are 2 solutions:

• transferring editor files from the Pro version, installing components from the distribution and installing an unofficial application compiled into an installer by the user for Windows 7 (but it is suitable for versions 8.1 and 10);
• installation of the application followed by transfer of system files and libraries.

Important! Since you will be working with system files, there is always a possibility of system damage. I recommend .

Method 1

To transfer files you need administrator rights.

Good to know! In Windows 10, developers have disabled the function of entering safe mode by pressing the F8 button before booting the system. They did this to load the OS faster. .

Disabling UAC

1. Right-click on “Start” and select “Control Panel.”
2. Go to the "User Accounts" section.
3. In the new window, click “Change User Account Control Settings.”
4. Set the slider to its lowest position, “Never notify,” and click “OK.”

Copying from the GPBAK catalog

This method is best suited if the editor files have been damaged or deleted. The advantage of this option is that the risk of rendering the system inoperable is minimal. It is worth noting that this method does not guarantee a positive result.

Process:

• you need to open Explorer, enter the command “%WinDir%\System32\GPBAK ” (for a 32-bit system) and “%WinDir%\SysWOW64\GPBAK ” (for 64-bit systems);
• In the directory, select all the files, click on them “RMB” and “ Copy ”;
• in the address bar of the browser, in the directory path, click “ Windows ”, in the section we look for the “ System32 ” folder, copy the files with replacement;
• Next you should restart your computer.

What to do if you can’t run applications and games on your computer