Group Policy differences between Windows 10 Enterprise and Windows 10 Pro

This document lists all known Group Policy differences between Windows 10 Pro and the Windows 10 Enterprise/Windows 10 Education. Microsoft might change the Group Policy behavior in feature upgrades. This wiki doc is about the latest release, which currently is Windows 10 1511.

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

This Microsoft document gives a general overview of the differences between the Windows 10 editions.

If you know of another Group Policy difference between the Windows 10 editions, please update the document. Only registered 4sysops members can edit wiki docs.

The following Group Policies only work in Windows 10 Enterprise/Education and not in Windows 10 Pro. A number of the settings described below refer to a folder with several Group Policies that are related to the corresponding features. The descriptions are from Microsoft.

AppLocker ^

Description

Allows you to specify which users or groups can run particular applications in your organization based on unique identities of files.

Path

Computer Configuration > Windows Settings > Security Settings > Application Control Polices > AppLocker

Additional Information

Windows AppLocker

BranchCache ^

Description

BranchCache copies content from your main office or hosted cloud content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN.

Path

Computer Configuration > Network > BranchCache

Additional Information

BranchCache Client Configuration

Credential Guard ^

Description

Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.

Path

Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security

Additional Information

Configure Credential Guard via Group Policy

DirectAccess ^

Description

DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.

Path

Computer Configuration > Administrative Templates > Network > DirectAccess Client Experience Settings

Additional Information

Configure the DirectAccess Infrastructure

Device Guard ^

Description

Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies.

Path

Computer Configuration > Administrative Templates > System > Device Guard

Additional Information

Device Guard deployment guide

Force a specific default lock screen image ^

Description

This setting allows you to force a specific default lock screen image by entering the path (location) of the image file.

Policy path

Computer Configuration > Administrative Templates > Control Panel > Personalization

Additional information

Windows spotlight on the lock screen

Start layout ^

Update: Readers reported that this feature works in Windows 10 Pro even though Microsoft advertises this functionality for Windows 10 Enterprise.

Description

This setting lets you specify the Start layout for users and prevents them from changing its configuration.

Path

Computer Configuration > Administrative Templates > Start Menu and Taskbar

User Configuration > Administrative Templates > Start Menu and Taskbar

Additional information

Manage Windows 10 Start layout options

Turn off access to the Store application ^

Description

Turn off the Store application

Turn off the Store application

This policy setting specifies whether to use the Store service (for finding an application) to open a file with an unhandled file type or protocol association.

Policy path

Computer Configuration > Administrative Templates > Windows Components > Store

User Configuration > Administrative Templates > Windows Components > Store

Additional information

Can't disable Windows Store in Windows 10 Pro through Group Policy

Are you an IT pro? Apply for membership!

Your question was not answered? Ask in the forum!

1+
Share

Discussion (0)

There are no comments for this doc yet.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account