8. Use group strategy to improve system performance
1. Increase Windows Internet access rate by 20% (Windows XP/2003)
By default, the Windows network connection packet scheduler limits the system to 80% of the connection bandwidth, which is undoubtedly a considerable expense for networks with smaller bandwidth. We can replace the default value through Group Policy settings, which will increase our Internet access rate by 20%!
Open the "QoS Packet Scheduler" in the "Group Policy Console → Computer Configuration → Administrative Templates → Network" and enable this policy. Then use the "Bandwidth Limit" box below to adjust the bandwidth ratio that the system can retain, set it to 0%, and then press OK to exit, and then we can use another 20% of the bandwidth.
2. Turn off thumbnail cache (Windows XP/2003)
The Windows XP/20003 system has a thumbnail view function. In order to speed up the display of thumbnails that are frequently browsed, the system will cache these displayed images so that the information in the cache will be directly read when opened next time, thereby achieving the purpose of rapid display. However, if we do not want the system to buffer (such as images that only browse once), we can use Group Policy to turn off the thumbnail cache function, so that the first browsing speed will be greatly accelerated (because there is no cache processing).
Open "Close the cache of thumbnails" in "Group Policy Console → User Configuration → Administrative Templates → Windows Components → Windows Explorer" and enable this policy.
3. The CD burning function that shields the system comes with (Windows XP/2003)
Windows XP/2003 system comes with CD burning function. If you have a CD burner connected to your computer, Windows Explorer allows you to make and modify rewritable CDs. But this will undoubtedly affect system performance and the speed of the resource manager's execution, so we can use Group Policy to block this feature (most users use dedicated CD burning software).
Open the "Delete CD Burning Feature" in "Group Policy Console → User Configuration → Administrative Templates → Network →" and enable this policy.
4. Turn off system restore function (Windows XP/2003)
System restore is a powerful feature integrated in Windows XP/2003. It backs up the changed files and data while the system is running. If there is a problem, system restore enables users to restore the computer to its previous state without losing personal data files. By default, system restore is on.
However, the price paid for this function is also quite large. The system performance will be significantly reduced and the disk space will be occupied a lot. For computers with low configuration, it is highly recommended to turn off this feature.
Open "Switch System Restore" in "Group Policy Console → Computer Configuration → Administrative Templates → System → System Restore" and enable this policy. When this setting is enabled, the system restore function can be turned off and the System Restore Wizard and Configuration Interface are not accessible.
5. Disable Windows Messenger automatically (Windows XP/2003)
There are more and more excellent application software integrated in Windows systems, but none of the built-in software in these systems does not have the option to uninstall, which has caused dissatisfaction among many computer users. For example, Windows Messenger, which comes with Windows XP, is not only inconvenient to uninstall but also runs automatically with the system. For computer users who do not use the Internet or those who do not use Windows Messenger at all, of course, the automatic operation function of this software must be blocked.
Open "Don't allow running Windows Messenger" in "Group Policy Console → Computer Configuration → Administrative Templates → Windows Components → Windows Messenger" and enable this policy.
Tip: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the settings in Computer Configuration are preferred over the settings in User Configuration.
9. Use group strategy to create system wall-level functions
1. Hide the drive specified in "My Computer" (Windows XP/2003)
This group policy removes icons representing the selected hardware drive from My Computer and Windows Explorer. And all drives represented by the drive letter do not appear on the standard open dialog box.
Open "Hide these specified drives in 'My PC'" in the "Group Policy Console → User Configuration → Administrative Templates → Windows Components → Windows Explorer" and enable this policy and select one or several drives in the list box below.
Tip: This policy only removes the drive icon. Users can still continue to access the contents of the drive by using other means. At the same time, this policy does not prevent users from using programs to access these drives or their content. And it also does not prevent users from using disk management plug-and-play to view and change drive characteristics.
2. Prevent access to drives from "My Computer" (Windows 2000/XP/2003)
This policy prevents users from viewing the contents of the selected drive in My Computer or Windows Explorer. It also prohibits the use of the Run dialog, the Mirror Network Drive dialog, or the Dir command to view directories on these drives.
Open "Prevent drive access from 'My PC'" in "Group Policy Console → User Configuration → Administrative Templates → Windows Components → Windows Explorer" and enable this policy and select one or several drives in the list box below.
Tip: These icons representing the specified drive will still appear in "My Computer", but if the user double-clicks the icon, a message will appear explaining the settings to prevent this action. At the same time, these settings will not prevent users from using other programs to access local and network drives. And it does not prevent them from using disk management to view and change drive characteristics.
3. Use of command prompts is prohibited (Windows 2000/XP/2003)
Under Windows 2000/XP/2003, we can run it into the command prompt state and can continue to run some DOS commands and other command-line programs. For security reasons, some systems should block this feature.
Open "Block access to command prompt" in "Group Policy Console → User Configuration → Administrative Templates → System" and enable this policy, and select whether to "Disable Command Prompt Script Processing also" in the list box below. This setting also determines whether the batch files .cmd and .bat can run on the computer.
If this setting is enabled, a message will be displayed when the user tries to open the command window, explaining that the settings prevent this operation.
4. Disable changes to display properties (Windows 2000/XP/2003)
Select "Show" in "Control Panel" or right-click to select "Properties" in the blank space of the Windows desktop to enter the "Show Settings" dialog box, which can set desktop themes, desktop backgrounds, screensaver programs, display settings, etc. If you don't want others to change various settings at will, you can hide it through Group Policy.
Open the "Group Policy Console → User Configuration → Administrative Templates → Control Panel → Show", and you can see policy configurations such as Hide Desktop Tabs, Hide Theme Tabs, Hide Saver Tabs, Hide Settings Tabs, etc. You can configure these items as needed. For example, after enabling the "Hide 'Desktop' Tab" policy and opening the "Show Properties" dialog box, you will not see the "Desktop" tab, so you will naturally be unable to change the desktop properties.
5. Disable Registry Editor (Windows 2000/XP/2003)
In order to prevent others from modifying the registry file after entering the computer, you can make prohibited access settings for the registry editor in Group Policy. Specific operation method: Open the "Block access to the Registry Editing Tool" in the "Group Policy Console → User Configuration → System" and enable this policy.
After this policy is enabled, when the user tries to start the registry editor (and ), the system will prohibit such operations and a warning message will pop up.
6. Completely prohibit access to "Control Panel" (Windows 2000/XP/2003)
If you do not want other users to access the computer's "control panel", you can also use Group Policy. Open "Disable Access to Control Panel" in "Group Policy Console → User Configuration → Administrative Templates → Extension Panel" and enable this policy.
When enabled, this policy prevents the Control Panel program file() from being started. Others will not be able to start Control Panel (or run any Control Panel projects). Additionally, this setting will remove Control Panel from the Start menu. At the same time, this setting also deletes the Control Panel folder from "Windows Explorer".
7. Disable new dial-up connection (Windows 2000/XP/2003)
Group policy can also do it if you don't want others to establish a new connection on your computer to dial up and access the Internet. Open the "Disable access to the new connection wizard" in the "Group Policy Console → User Configuration → Administrative Templates → Network → Network Connections" and enable this policy.
When this policy is enabled, "Create a New Connection" will not appear in the Network Connections folder and in the Start Menu.
Tip: This setting cannot prevent users from using other programs such as Internet Explorer to bypass this setting. In addition, this setting must be restarted before it can take effect.
8. Disable "Add/Remove Programs" (Windows 2000/XP/2003)
The Add or Remove Programs project in Control Panel allows you to install, uninstall, repair, and add and remove Windows features and components as well as a wide variety of Windows programs. If you want to prevent other users from installing or uninstalling the program, you can use Group Policy to do so.
Open the "Delete the 'Add/Remove Program' program" in "Group Policy Console → User Configuration → Administrative Templates → Control Panel → Add → Delete Programs" and enable this policy. When we open the "Add/Remove Programs" module in "Control Panel", a warning window will automatically pop up, while "Add/Remove Programs" cannot run.
In addition, in the "Add/Remove Program" branch, you can also hide the items such as "Add New Program", "Add Program from CD-ROM or Floppy Disk", "Add Program from Microsoft", and "Add Program from the Network" in the "Add/Remove Program" item in the "Add/Remove Program" item in the Windows "Add/Remove Program" item. Through the settings of these policy items, they play the role of protecting system files and applications in the computer.
9. Restricting the use of applications (Windows 2000/XP/2003)
If your computer has multiple users set up, we may not want other users to run some programs at will, and can also be set in Group Policy.
Open "Run only licensed Windows applications" in "Group Policy Console → User Configuration → Administrative Templates → System" and enable this policy, then click the "Show" button next to "Allowed Application List" below, and a "Show Content" dialog box pops up. Click the "Add" button here to add the allowed applications to run. In the future, ordinary users can only run the programs in the "Allowed Application List".