A practical guide to opening, understanding, applying, troubleshooting, and safely resetting local policy settings in Windows 10 and Windows 11.
The Local Group Policy Editor is a Microsoft Management Console snap-in used to configure advanced Windows behavior on a single computer. It is launched with the command gpedit.msc and is commonly used by administrators, technicians, and power users to control system features that are not always exposed in the regular Settings app.
With local policies, you can manage security options, Windows Update behavior, Microsoft Defender settings, Control Panel restrictions, Start menu and taskbar rules, device installation restrictions, scripts, login behavior, and many other operating system components.
Local Group Policy affects only the current computer. In a business domain, domain-based Group Policy from Active Directory or Microsoft management tools can override local settings.
The Local Group Policy Editor is normally available in professional and business-oriented Windows editions. On consumer Home editions, the tool is not included by default, even though many underlying registry-based policy settings still exist.
| Windows Edition | gpedit.msc Availability | What It Means |
|---|---|---|
| Windows 10/11 Pro | Included | You can open Local Group Policy Editor directly with gpedit.msc. |
| Windows 10/11 Enterprise | Included | Designed for managed environments and advanced administrative control. |
| Windows 10/11 Education | Included | Usually includes the same policy editor used in Pro and Enterprise editions. |
| Windows 10/11 Home | Not included by default | You may need Registry Editor, Settings, PowerShell, or a supported Windows edition instead. |
Many unofficial packages promise to add Group Policy Editor to Windows Home. They may be outdated, incomplete, or unsafe. For reliable administration, use a Windows edition that officially includes gpedit.msc or apply the equivalent documented registry policy manually.
The fastest method is the Run dialog, but there are several reliable ways to launch the editor.
Press Win+R, type gpedit.msc, and press Enter.
Open Start, search for Edit group policy, then select the result.
Open Terminal, Command Prompt, or PowerShell and run gpedit.msc.
Run / CMD / PowerShell: gpedit.msc
You do not always need to launch it as administrator, but changing many system-level policies requires an administrator account.
Most policy entries have three possible states. Understanding these states is essential because Not Configured does not always mean the feature is enabled or disabled. It usually means Windows uses its default behavior or another policy source.
| Policy State | Meaning | When to Use It |
|---|---|---|
| Not Configured | The local policy does not enforce a value. | Use this to return a setting to default behavior or allow other policy sources to decide. |
| Enabled | The policy is active. | Use when you want Windows to enforce the behavior described by the policy. |
| Disabled | The policy is explicitly turned off. | Use when you want to block the behavior described by the policy. |
Before changing a policy, open it and read the description panel. Some policies use inverse wording. For example, enabling a policy named Turn off... disables the feature.
Policy Editor contains hundreds of settings. The most useful areas are usually under Administrative Templates, Windows Components, System, and Security Settings.
Computer Configuration → Administrative Templates → Windows Components → Windows Update
Computer Configuration → Administrative Templates → Microsoft Defender Antivirus
Computer Configuration → Administrative Templates → System → Device Installation
User Configuration → Administrative Templates → Control Panel
User Configuration → Administrative Templates → Start Menu and Taskbar
Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options
Group Policy can change important Windows behavior immediately. Use a controlled workflow, especially when changing security, update, login, or device installation settings.
gpedit.msc. gpupdate /force or restart Windows if the policy requires a reboot.
Keep a small change log: policy path, old value, new value, date, and reason. This makes rollback much easier when troubleshooting Windows behavior later.
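One way to capture the old and new values for that change log, as an added PowerShell example that is not part of the original page: it snapshots the registry keys where registry-backed policies are stored, waits while you change a policy, and prints what differs. The function names Get-PolicySnapshot and Compare-PolicySnapshot are hypothetical helpers defined here.

```powershell
# Added example (not from the original page): snapshot registry-backed policy
# values before and after a change, then print the differences for the change log.
function Get-PolicySnapshot {
    # The four registry locations used for registry-backed policy settings.
    $roots = 'HKLM:\SOFTWARE\Policies',
             'HKCU:\SOFTWARE\Policies',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $keys = @(Get-Item $root) +
                @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = $name
                    # Multi-string and binary values are flattened so they compare cleanly.
                    Value = ($key.GetValue($name) -join ',')
                }
            }
        }
    }
}

function Compare-PolicySnapshot {
    param($Before, $After)
    # A changed value appears twice: once as 'old' and once as 'new'.
    Compare-Object $Before $After -Property Key, Name, Value |
        Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') {'new'} else {'old'} }},
                      Key, Name, Value |
        Sort-Object Key, Name, Change
}

# Usage: snapshot, change one policy in gpedit.msc, refresh, compare.
$before = @(Get-PolicySnapshot)
Read-Host 'Change the policy, run gpupdate /force, then press Enter'
$after  = @(Get-PolicySnapshot)
Compare-PolicySnapshot $before $after | Format-Table -AutoSize
```

This covers registry-backed Administrative Templates settings; items under Windows Settings → Security Settings are not all stored in these keys and may not appear in the comparison.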
Many local policies apply automatically, but some require a policy refresh, sign-out, restart, or service restart. Use the tools below to verify what Windows actually applied.
Command Prompt or PowerShell: gpupdate /force
HTML report on the Desktop: gpresult /h "%USERPROFILE%\Desktop\gpresult.html"
Run dialog: rsop.msc
| Tool | Command | Purpose |
|---|---|---|
| Group Policy Update | gpupdate /force | Refreshes local and domain policy processing. |
| Group Policy Results | gpresult /r | Shows applied user and computer policies in the console. |
| HTML Report | gpresult /h report.html | Creates a readable report that is easier to review and save. |
| RSoP | rsop.msc | Displays the Resultant Set of Policy in a graphical console. |
The safest way to undo a single setting is to open the same policy and set it back to Not Configured. If many local policies were changed and you need a broad reset, you can remove the local policy folders and refresh policy processing.
The commands below reset local policy files on the current PC. They do not remove domain policies, MDM policies, or registry changes made manually outside Group Policy.
Run as Administrator:
RD /S /Q "%WinDir%\System32\GroupPolicy"
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
gpupdate /force
After running the commands, restart the computer. Then check the setting again in gpedit.msc, gpresult, or the affected Windows component.
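The same reset with a backup taken first, as an added PowerShell example that is not part of the original page: it saves a gpresult report, copies both policy folders, writes a change log entry, and deletes only when -Reset is passed. The backup location, the changelog.csv file name and the parameter names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Backs up the local policy folders,
# saves a gpresult report, logs the change, and resets only when -Reset is given.
param(
    [string]$BackupRoot = "$env:SystemDrive\PolicyBackup",  # assumed location
    [string]$Reason     = 'unspecified',                    # goes into the change log
    [switch]$Reset
)

# A 32-bit shell on 64-bit Windows is redirected away from the real System32.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run this from 64-bit PowerShell.'
}

$dest    = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
$folders = 'GroupPolicy', 'GroupPolicyUsers' |
    ForEach-Object { Join-Path $env:WinDir "System32\$_" } |
    Where-Object  { Test-Path -LiteralPath $_ }

New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Record what Windows actually applied before anything changes.
gpresult /h (Join-Path $dest 'gpresult-before.html') /f

# robocopy copies hidden files by default; exit codes of 8 or higher mean failure.
foreach ($f in $folders) {
    robocopy $f (Join-Path $dest (Split-Path $f -Leaf)) /E /R:1 /W:1 /NFL /NDL /NP | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "Backup of $f failed; nothing was deleted." }
}

# Change log entry: date, action, backup location, reason.
[pscustomobject]@{
    Date   = Get-Date -Format 's'
    Action = if ($Reset) { 'Backup and reset local policy' } else { 'Backup only' }
    Backup = $dest
    Reason = $Reason
} | Export-Csv -Path (Join-Path $BackupRoot 'changelog.csv') -Append -NoTypeInformation

if ($Reset) {
    # Same effect as the RD /S /Q commands above, run only after a verified backup.
    foreach ($f in $folders) { Remove-Item -LiteralPath $f -Recurse -Force }
    gpupdate /force
}
```

To roll back, copy the saved GroupPolicy and GroupPolicyUsers folders back under %WinDir%\System32 and run gpupdate /force.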
First check your Windows edition. Press Win+R, run winver, and look at the edition line. If it says Home, Local Group Policy Editor is not included by default. Use Registry Editor equivalents, Settings, PowerShell, or upgrade to Pro if you need the official editor.
Run gpupdate /force, sign out, or restart the PC. Then generate a report with gpresult /h "%USERPROFILE%\Desktop\gpresult.html". Also check whether a domain, work or school account, MDM profile, or another management tool is overriding the local setting.
Greyed-out settings often mean a policy is enforcing the value. Search in gpedit.msc by category, check gpresult, and inspect related paths under Administrative Templates. If the PC belongs to an organization, the restriction may come from a domain or MDM policy rather than local policy.
Some policy templates remain for compatibility. Read the Supported on section inside the policy window. If the policy does not support your Windows version, changing it may have no effect.
No. Group Policy Editor is a structured administrative interface. Many policy settings are stored in the registry, but gpedit.msc adds descriptions, supported-version notes, and a safer interface for supported policies.
You can open the console without elevated rights in some cases, but changing computer-wide policies usually requires an administrator account.
Usually no. In managed environments, domain or MDM policies normally take precedence over local choices. Use gpresult to see which policy source is winning.
Administrative templates change over time. Microsoft can add, rename, deprecate, or move policy entries between Windows versions. Always confirm the supported Windows version inside the policy description.
Use the Local Group Policy Editor when you need a controlled, reversible way to configure advanced Windows behavior on a single computer. It is especially useful for security restrictions, update behavior, device rules, system components, and user interface controls.
For quick access, remember one command: gpedit.msc. For verification, remember gpupdate /force and gpresult /h report.html. These three commands cover the most common local policy workflow: open, apply, and verify.
Open the editor: Win + R → gpedit.msc
Check Windows edition: winver
Refresh policies: gpupdate /force
Review applied policies: gpresult /h report.html
Safest rollback: set the changed policy back to Not Configured.