Securing Windows 10 with Local Group Policy

Introduction

When it comes to quickly making wide-ranging modifications to Windows systems, Group Policy is usually at the top of the list for ease-of use and raw power. The problem is that most people think of Group Policy as this all-encompassing voodoo that is only for large organizations and massive domains. 

To be fair, those are great examples of groups that depend on Group Policy, since it is extremely difficult to properly manage that many workstations individually without help. What many don’t realize, however, is that Group Policy still is available at a local individual workstation level. You don’t necessarily need to have a Domain Controller and complex GPOs to help secure workstations: Local Group Policy can still help in situations where you can’t or won’t be able to deploy from a central source. 

We’re going to be going over some of the basics of Local Group Policy, as well as what it can and cannot do.

PLEASE BE AWARE: Local Group Policy (like standard Group Policy) is not present or supported by Microsoft on Windows 10 Home. There are ways to get around this, but they are very hit-or-miss and are actively discouraged by Microsoft. Please keep this in mind if you are attempting to do this on a Windows 10 Home system.

Group policy hierarchy

To start with, Local Group Policy is at the beginning of a very long chain of Inheritance. When a computer is booting up or a user is logging on, Group Policies begin to be applied. Local Group Policies are applied first before all others, but while this would make you think that they take precedence, they actually have the least impact of all forms of Group Policy.

Local Group Policies run first, followed by Site-Level Policies, Domain-Level Policies and Organizational Unit (Read more...)