Best Practice: How to show or hide Control Panel items in Windows 7 using Group PolicyWelcome

About Me

Gender: Male
Industry: Technology
Occupation: System Supervisor
Location: Residential Hoang Gia, Ward No 2, My Hanh Nam Village, Duc Hoa DIST, Long An Province
Introduction: Cool....
Interests: Microsoft OS, Networking, RedHat Linux, System Administration, ... System Integration : IBM, Email Systems : IBM Lotus notes and Domino, VOIP,

...This is my personal and educational blog site and this has posts which are related to my research and interesting areas on Information Technology... Please feel free to comment on any technical/Article matters on this regard.

Thanks You !

Friday, September 6, 2013

Best Practice: How to show or hide Control Panel items in Windows 7 using Group Policy

3:07 PM

MISDUONG

No comments

One of the common lock down’s that administrator apply to Remote Desktop Services Servers (a.k.a. Terminal Services (a.k.a. Citrix)) is to remove all but the essential control panel items.
Previous to Windows 7 you had to specify the .cpl (e.g. timedate.cpl) file name of the control panel item you wanted to show or hide however this has changed in Windows 7 and you now need to use the Canonical Name when hiding or showing specific items.
Below I will explain the new way of configuring control panel items for Windows 7 and show you the affect that this has on the control panel.
Before you begin I recommend that you take a look at http://msdn.microsoft.com/en-us/library/ee330741(VS.85).aspx which lists all the Canonical names for the control panel items for Windows 7. You will need to know what CN of the item you want to restrict or allow.
Note: In this example we are only going to show the control panel items we want to see (white list) however if you use the Hide specified Control Panel items policy setting you can black list only the items you don’t want listed.
Step 1. Edit the Group Policy object that is applied to the users that you want to apply the Control Panel configuration.
Step 2. Navigate to User Configuration > Policies > Administrative Templates > Control Panel
Step 3. Double click on the Show only specified Control Panel items setting then check Enabled and then click then Show button.

Step 4. Now you have the Show Contents dialog box open you need to visit the web site that list the names at Canonical Names of Control Panel Items and copy the Canonical name for the control panel item you want to display.
Paste the name into the value field enter the canonical name of the control panel item you want to show in the Value field and click OK.

You will now see that the only available control panel item is the Region and Language options (see below).

However this view is somewhat confusing for users as they can still click on the category but there are not items to display (see below).

To get around this problem also enable the Always open All Control Panel Items (a.k.a Force classic Control Panel) when opening Control Panel setting in the same GPO.
Note: This option is probably not needed if you used the Show only specified Control Panel setting instead.

Now when the users open control panel they will only see the specific control panel items you have allowed without the empty categories.