Run gpedit.msc
* Computer Configuration / Windows Settings / Security Settings / Acount Policies / Password Policy
Maximum password age = 0
* Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Change the system time = add the users group
* Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options
Devices: Allowed to format and eject removable media = Administrators and Interactive users
* Computer Configuration / Windows Settings / Security Settings / Software Restriction Policies
Security Levels = Disallowed
Additional Rules = "C:\Program Files(86)", Path for any drive partitions also
Enforcement = All users except local administrators, All software files
Designated File Types = remove .lnk restrictions
Trusted Publishers = Allow all administrators and users to manage....
* User Configuration / Administrative Templates / Desktop
Do not add shares of recently opened documents to Network Locations = Enabled
* User Configuration / Administrative Templates / Shared Folders
Allow shared folders to be published = Disabled
* User Configuration / Administrative Templates / Windows Components / Attachment Manager
Inclusion list for moderate risk file types = Enabled = *.exe
* Right click on "C:" drive and go to Properties
On the Security tab, remove Authenticated Users from list.
Bookmarks