Lockdown windows

The Settings app is a perfect example of this, not just redesigning but completely rewriting the application that handles configuration changes that affect users on the computer and in some cases, how the computer behaves. While the Control Panel is still available, Microsoft defaults to using Settings as the means of controlling the OS's configuration.

With this in mind, the Settings app can be used by any user on the computer to modify critical and not so critical settings. Not all -- but many -- of these settings do impact other users or the way in which the computer operates itself.

This can pose issues for multi-user setups where more than one user will work from a machine. Even in single user environments, it would behoove systems administrators to lockdown unnecessary panes in addition to securing those panes which IT specifically wishes to keep out of the hands of end-users.

Luckily, as of Windows 10 build , Microsoft added the required policy templates to Group Policy in an effort to prevent unauthorized access to the individual panes, or the entire Settings app Figure A. Make sure you do so with an account that has rights to edit the policy.

Tick the radio button to Enabled, and the text box under Options will become editable. This policy has a dual-homed personality meaning that it can either show a specified list of pages that will be allowed; or hide a specified list of pages that will be disabled and hidden from view.

By specifying the prefix "showonly:" or "hide:" before listing the names of the page s , the listed items will be shown or hidden, depending on the prefix.

Multiple pages can be specified by using a semi-colon between ms-settings names. Enable the Unbranded boot feature by running the following command in an Administrative Command Prompt:. Anytime you rebuild the BCD information, for example using bcdboot, you'll have to re-run the above commands. You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen.

See Custom logon for more information. Custom Logon feature will not work on images that are using a blank or evaluation product key. You must use a valid Product Key to see the changes made with the below commands. Enable the Custom Logon feature by running the following command at an Administrative Command Prompt:.

Next at an Administrative Command prompt modify the following registry entries. If prompted to overwrite choose Yes. Restart the reference device. You should no longer see the Windows UI elements that relate to the Welcome screen and shutdown screen. Your device now has device lockdown features in place. You can use group policies to further customize your device's user experience. Lab 3 covers how to congifure policy settings.

Go to lab 3. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Lockdown Designer also helps you define multiple roles for device users, and configure the apps and settings for each role separately.

Stay informed about special deals, the latest products, events, and more from Microsoft Store. Available to United States residents. By clicking sign up, I agree that I would like information, tips, and offers about Microsoft Store and other Microsoft products and services. Privacy Statement. Lockdown Designer. See System Requirements.

Available on PC. Description Lockdown Designer app helps you configure and create a lockdown XML file that you can apply to devices running Windows 10 Mobile, version Show More. People also like. Ink To Code Free. Holographic Remoting Player Free.