In Windows 7, you can perform some pretty amazing things by using a tool that’s about as hidden as any Windows power tool can be: the Local Group Policy Editor. That Microsoft has buried this program in a mostly untraveled section of the Windows landscape isn’t the least bit surprising, because in the wrong hands, the Local Group Policy Editor can wreak all kinds of havoc on a system. It’s a kind of electronic Pandora’s box that, if opened by careless or inexperienced hands, can loose all kinds of evil upon the Windows world.

Of course, none of this doom-and-gloom applies to you, dear reader, because you’re a cautious and prudent wielder of all the Windows power tools. This means that you’ll use the Local Group Policy Editor in a safe, prudent manner, and that you’ll create a system restore point if you plan to make any major changes. I knew I could count on you.

Put simply, group policies are settings that control how Windows works. You can use them to customize the Windows 7 interface, restrict access to certain areas, specify security settings, and much more. You make changes to group policies using the Local Group Policy Editor, a Microsoft Management Console snap-in. (I’ll note here that the Local Group Policy Editor isn’t available with Windows 7 Home and Windows 7 Home Premium. I’ll show you how to perform the same tweak using the Registry if you’re using those versions.) To start the Local Group Policy Editor, follow these steps:

  1. Click Start.
  2. Type gpedit.msc.
  3. Press Enter.

Figure A shows the Local Group Policy Editor window that appears. (The word Local refers to the fact that you’re editing group policies on your own computer, not on some remote computer.)

Figure A

You use the Local Group Policy Editor to modify group policies on your PC.


Note: This article is available as a PDF download. You can also download the sample chapter “Tweaking the Windows 7 Registry” from the author’s recently published book Windows 7 Unleashed.


1: Locking in delete confirmations

When you delete a file or folder in Windows 7, the system asks you to confirm the deletion. If this extra step bugs you, you can turn it off by right-clicking the desktop’s Recycle Bin icon, clicking Properties, and then deactivating the Display Delete Confirmation Dialog check box.

Now let’s consider this from the opposite point of view. The reason Windows displays the delete confirmation dialog box by default is to prevent you from accidentally deleting a file. You and I are savvy, knowledgeable users, so we know when we want to delete something, but not everyone falls into this boat. If you have young kids or old parents who use Windows, you know that the delete confirmation dialog box is an excellent safeguard for these and other inexperienced users.

In that case, you might be wondering if there’s a way to ensure that a novice user can’t turn off the delete confirmation dialog box. Yes, there is. In fact, are two ways to prevent a user from turning off delete confirmations:

  • Disable the Display Delete Confirmation Dialog check box that appears in the Recycle Bin’s property sheet.
  • Disable the Recycle Bin’s Properties command so that the user can’t display the Recycle Bin’s property sheet.

Follow these steps to implement one of these policies:

  1. In the Local Group Policy Editor, open the User Configuration branch.
  2. Open the Administrative Templates branch.
  3. Display the property sheet of the policy you want to use, as follows:
  • If you want to disable the Display Delete Confirmation Dialog check box, open the Windows Components branch and then click Windows Explorer. Double-click the policy named Display Confirmation Dialog When Deleting Files. If you don’t have access to the Group Policy Editor, open the Registry Editor and create a DWORD setting named ConfirmFileDelete with the value 1 in the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • If you want to disable the Recycle Bin’s Properties command, click Desktop and then double-click the Remove Properties From The Recycle Bin Context Menu policy. If you don’t have access to the Group Policy Editor, open the Registry Editor and create a DWORD setting named NoPropertiesRecycleBin with the value 1 in the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  1. Click the Enabled option.
  2. Click OK to put the policy into effect.

2: Disabling the notification area

If you have zero use for the taskbar’s notification area, you can disable it entirely by following these steps:

  1. In the Local Group Policy Editor, open the User Configuration branch.
  2. Open the Administrative Templates branch.
  3. Click the Start Menu And Taskbar branch.
  4. Double-click the Hide The Notification Area policy, click Enabled, and then click OK.
  5. Double-click the Remove Clock From The System Notification Area policy, click Enabled, and then click OK.
  6. Log off and then log back on to put the policy into effect.

If you prefer (or need) to implement this policy via the Registry, first open the Registry Editor (click Start, type regedit, press Enter, and enter your UAC credentials). Then, navigate to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

(If you don’t see the Explorer key, click the Policies key, select Edit | New | Key, type Explorer, and press Enter.)

Now follow these steps:

  1. Select Edit | New | DWORD (32-bit) Value.
  2. Type NoTrayItemsDisplay and press Enter.
  3. Press Enter to open the NoTrayItemsDisplay setting, type 1, and then click OK.
  4. Select Edit | New | DWORD (32-bit) Value.
  5. Type HideClock and press Enter.
  6. Press Enter to open the HideClock setting, type 1, and then click OK.
  7. Log off and then log back on to put the policies into effect.

3: Removing an icon from Control Panel

You can gain a bit more control over the Control Panel by configuring it not to display icons that you don’t ever use or that aren’t applicable to your system.

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
  2. Double-click the Hide Specified Control Panel Items policy.
  3. Click the Enabled option.
  4. Click the Show button to open the Show Contents dialog box.
  5. For each Control Panel icon you want to hide, type the icon name and press Enter.
  6. Click OK to return to the Hide Specified Control Panel Items dialog box.
  7. Click OK. Windows 7 puts the policy into effect.

To perform the same tweak in the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Add a DWORD value named DisallowCpl and set it equal to 1. Also create a new key named DisallowCpl, and within that key create a new String value for each Control Panel icon you want to disable. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to disable.

4: Showing only specified Control Panel icons

Disabling a few Control Panel icons is useful because it reduces a bit of the clutter in the All Control Panel Items window. However, what if you want to set up a computer for a novice user and you’d like that person to have access to just a few relatively harmless icons, such as Personalization and Getting Started? In that case, it’s way too much work to disable most of the icons one at a time. A much easier approach is to specify just those few Control Panel icons you want the user to see. Here’s how:

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
  2. Double-click the Show Only Specified Control Panel Items policy.
  3. Click the Enabled Option.
  4. Click the Show button to open the Show Contents dialog box.
  5. For each Control Panel icon you want to show, type the icon name and press Enter.
  6. Click OK to return to the Show Only Specified Control Panel Items dialog box.
  7. Click OK. Windows 7 puts the policy into effect.

To perform the same tweak in the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Add a DWORD value named RestrictCpl and set it equal to 1. Also create a new key named RestrictCpl, and within that key create a new String value for each Control Panel icon you want to show. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to show.

5: Preventing other folks from messing with the Registry

Do you share your computer with other people? How brave! In that case, there’s a pretty good chance that you don’t want them to have access to the Registry Editor. In Windows 7, User Account Control automatically blocks Standard users unless they know an administrator’s password. For other administrators, you can prevent any user from using the Registry Editor by setting a group policy:

  1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System branch.
  2. Double-click the Prevent Access To Registry Editing Tools policy.
  3. Click Enabled.
  4. In the Disable Regedit From Running Silently? list, click Yes.
  5. Click OK.

Once you set this policy, you won’t be able to use the Registry Editor, either. However, you can overcome that by temporarily disabling the policy prior to running the Registry Editor.

Yes, you could perform this tweak in Windows 7 Home and Home Premium using the Registry Editor, but then you wouldn’t be able to reverse it because the Registry Editor would be disabled! In my book Windows 7 Unleashed, I provide a script that toggles the corresponding Registry setting on and off; see that book for more info.

6: Disabling Internet Explorer’s Security and Privacy tabs

If you want to prevent a novice user from mucking around in Security and Privacy tabs in the Internet Options dialog box, you can hide them:

  1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel branch.
  2. Double-click the Disable The Privacy Page policy.
  3. Click Enabled and then click OK.
  4. Double-click the Disable The Security Page policy.
  5. Click Enabled and then click OK.

Note that the Security Page sub-branch also enables you to set policies for the settings in each zone.

To configure these policies via the Registry Editor, first display the following branch:

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

Add a DWORD setting named PrivacyTab and set it to 1; add another DWORD setting named SecurityTab and set it to 1.

7: Customizing the Windows Security window

When you press Ctrl+Alt+Delete while logged on to Windows 7, you see the Windows Security window, which contains the following buttons: Lock This Computer, Switch User, Log Off, Change A Password, and Start Task Manager. Of these five commands, all but Switch User are customizable using group policies. So if you find that you never use one or more of those commands, or (more likely) if you want to prevent a user from accessing one or more of the commands, you can use group policies to remove them from the Windows Security window. Here are the steps to follow:

  1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System | Ctrl+Alt+Del Options branch.
  2. Double-click one of the following policies:
  • Remove Change Password — You can use this policy to disable the Change A Password button in the Windows Security window.
  • Remove Lock This Computer — You can use this policy to disable the Lock Computer button in the Windows Security window.
  • Remove Task Manager — You can use this policy to disable the Start Task Manager button in the Windows Security window.
  • Remove Logoff — You can use this policy to disable the Log Off button in the Windows Security window.
  1. In the policy dialog box that appears, click Enabled and then click OK.
  2. Repeat steps 2 and 3 to disable all the buttons you don’t need.

Figure B shows the Windows Security window with only the Switch User button displayed.

Figure B

You can use group policies to customize the Windows Security window.

To perform the same tweak using the Registry , open the Registry Editor and open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Change the value of one or more of the following settings to 1:

DisableChangePassword
DisableLockWorkstation
DisableTaskMgr

To remove the Log Off button via the Registry, open the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Change the value of the NoLogoff setting to 1.

8: Customizing the Places bar

The left side of the old-style Save As and Open dialog boxes in Windows 7 include icons for several common locations: Recent Places, Desktop, Libraries, Computer, and Network.

The area that contains these icons is called the Places bar. If you have two or more folders that you use regularly (for example, you might have several folders for various projects that you have on the go), switching between them can be a hassle. To make this chore easier, you can customize the Places bar to include icons for each of these folders. That way, no matter which location you have displayed in the Save As or Open dialog box, you can switch to one of these regular folders with a single click of the mouse.

The easiest way to do this is via the Local Group Policy Editor, as shown in the following steps:

  1. In the Local Group Policy Editor, open the following branch: User Configuration | Administrative Templates | Windows Components | Windows Explorer | Common Open File Dialog.
  2. Double-click the Items Displayed In Places Bar policy.
  3. Click Enabled.
  4. Use the Item 1 through Item 5 text boxes to type the paths for the folders you want to display. These can be local folders or network folders.
  5. Click OK to put the policy into effect.

If you don’t have access to the Local Group Policy Editor, you can use the Registry Editor to perform the same tweak. Open the Registry Editor and navigate to the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\

Now follow these steps:

  1. Select Edit | New | Key, type comdlg32, and press Enter.
  2. Select Edit | New | Key, type Placesbar, and press Enter.
  3. Select Edit | New | String Value, type Place0, and press Enter.
  4. Press Enter to open the new setting, type the folder path, and then click OK.
  5. Repeat steps 3 and 4 to add other places (named Place1 through Place4).

9: Increasing the size of the Recent Documents list

To customize the size of the Start menu’s Recent Items list, follow these steps:

  1. In the Local Group Policy Editor, navigate to the User Configuration | Administrative Templates | Windows Components | Windows Explorer branch.
  2. Double-click the Maximum Number Of Recent Documents policy.
  3. Click Enabled.
  4. Use the Maximum Number Of Recent Documents spin box to specify the number of documents you want Windows 7 to display.
  5. Click OK.

For the Registry equivalent, open the Registry Editor and display the following key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a DWORD setting named MaxRecentDocs and set its value to the number of recent documents you want to display.

10: Enabling the Shutdown Event Tracker

When you select Start | Shut Down, Windows 7 proceeds to shut down without any more input from you (unless any running programs have documents with unsaved changes). That’s usually a good thing, but you might want to keep track of why you shut down or restart Windows 7, or why the system itself initiates a shutdown or restart. To do that, you can enable a feature called Shutdown Event Tracker. With this feature, you can document the shutdown event by specifying whether it is planned or unplanned, selecting a reason for the shutdown, and adding a comment that describes the shutdown.

To use a group policy to enable the Shutdown Event Tracker feature, follow these steps:

  1. In the Local Group Policy Editor, navigate to the Computer Configuration | Administrative Templates | System branch.
  2. Double-click the Display Shutdown Event Tracker policy.
  3. Click Enabled.
  4. In the Shutdown Event Tracker Should Be Displayed list, select Always.
  5. Click OK.

Now when you select Start | Shut Down, you see the Shut Down Windows dialog box shown in Figure C.

Figure C

The Shut Down Windows dialog box appears with the Shutdown Event Tracker feature enabled.

To enable the Shutdown Event Tracker on systems without the Local Group Policy Editor, open the Registry Editor and dig down to the following key:

HKLM\Software\Policies\Microsoft\Windows NT\Reliability

Change the value of the following two settings to 1:

ShutdownReasonOn
ShutdownReasonUI


Paul McFedries is a full-time technical writer who has worked with computers in one form or another since 1975 and has used Windows since version 1 was foisted upon an unsuspecting (and underwhelmed) world in the mid-1980s. He is the author of more than 60 computer books, which have sold more than three million copies worldwide. Recent titles include the Sams Publishing books Microsoft Windows Vista Unleashed and Microsoft Windows 7 Unleashed. Please visit Paul’s Web site at http://www.mcfedries.com/.

Subscribe to the Microsoft Weekly Newsletter

Be your company's Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays

Subscribe to the Microsoft Weekly Newsletter

Be your company's Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays