Skip to content

GROUP POLICY – How to add a Group Policy to Windows 7 – The VISUAL GUIDE


Group policy allows mandated security settings to be deployed on local and domain machines.

Step 1- Start > Type “MMC” into search box

Select MMC


Step 2 – File > Add/Remove Snap in

add snapin

Step 3 – Select “Group Policy Object” > ADD Button

group policy

LOCAL Computer > Finish > OK

If  you wanted a Domain Controller, use the BROWSE button.

local computer

Step 4 – Local Policy options

Computer Configuration

local policy

A memory trick here for Computer Configuration is:


Windows Settings > Security Settings > Local Policies



Audit Policy, User Rights, Security Options



Step 5 – Audit Policy

Audit Policy > Audit account logon events

audit policy

Tick both Success & Failure

audit logon

Step 6 – User Rights

You may wish to limit specific rights, such as to change the time or reboot the machine.

User Rights > Change System Time


Add Groups that are allowed to set system time eg Administrators

Add User or Group Button

change time

Step 7 – Security Options

You may wish to Disable the built in Administrator and Guest accounts 

Security Options > Accounts Administrator Account Status

Secuirty options


disable admin

All done!


Emergency Help

The built in Administrator account always has a RID (Relative ID) of 500.

Use the tools Sid2user and User2SID in order to enumerate the accounts if you renamed Admin, but forgot which account name you gave it.  A RID of 500 means the builtin Administrator account.  Look for RID 500 – and that’s it … you’ve got the Admin account.

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: