Windows Group Policy Categories – Systems Engineering & Integration

GPOs contain hundreds of configuration settings. The following table describes common settings.

Setting Category	Description
Account Policies	Use Account Policies to control the following: Password settings Account lockout settings Kerberos settings Account policies are in effect only when configured in a GPO linked to a domain.
Local Policies/Audit Policy	Use Audit Policy settings to configure auditing for events, such as log on, account management, or privilege use.
Local Policies/User Rights Assignment	Computer policies include a special category of policies called user rights. User rights identify system maintenance tasks and the users or groups who can perform these actions. Examples of user rights include: Access this computer from the network (the ability to access resources on the computer through a network connection) Load and unload device drivers Back up files and directories (does not include restoring files and directories) Shut down the system Remove a computer from a docking station
Local Policies/Security Options	Security options allow you to apply or disable rights for all users to whom the Group Policy applies. Examples of Security Options policies include: Computer shut down when Security event log reaches capacity Unsigned driver installation Ctrl+Alt+Del required for log on
Registry	You can use registry policies to: Configure specific registry keys and values. Specify if a user can view and/or change a registry value, view sub-keys, or modify key permissions.
File System	Use File System policies to configure file and folder permissions that apply to multiple computers. For example, you can limit access to specific files that appear on all client computers.
Software Restriction Policies	Use software restrictions policies to define the software permitted to run on any computer in the domain. These policies can be applied to specific users or all users. You can use software restrictions to: Identify allowed or blocked software. Allow users to run only specified files on multi-user computers. Determine who can add trusted publishers. Apply restrictions to specific users or all users.
Administrative Templates	Administrative templates are registry-based settings that can be configured within a GPO to control the computer and the overall user experience such as: Use of Windows features such as BitLocker, Offline files, and Parental Controls Customize the Start menu, taskbar, or desktop environment Control notifications Restrict access to Control Panel features Configure Internet Explorer features and options
Starter Group Policy Objects	Starter Group Policy Objects, referred to as Starter GPOs, allow you to store a collection of Administrative Template policy settings in a single object. When you create a new GPO from a Starter GPO, the new GPO has all of the Administrative Template policy settings and values that were defined in the Starter GPO. You can easily distribute Starter GPOs by exporting and then importing them to another environment.