Disable Control Panel PC Settings Using Intune Prohibit access

Let’s check how to disable control panel and PC settings using Intune. There is a group policy also available to prohibit access to Control Panel and PC Settings. In this post, we will see how to implement this for MEM Intune Managed devices easily.

The Intune Settings Catalog is the best place to go for all the policy settings in Intune (MEM). Microsoft recommends using setting catalog profiles to create and manage security policies for all Intune managed Windows devices.

The Settings app and the Control Panel are where users can go in and change a wide range of configurations. This can impact or create consistency in the user experience. The users would be able to change the system, network, account, and privacy settings. You can use this Policy from the MEM Intune admin center portal.

Patch My PC

You can use the following policy to stop users from playing around with the control panel and settings app. This Policy disables all Control Panel programs and the PC settings app from Windows devices.

Disable Control Panel PC Settings Using Intune Prohibit access
Disable Control Panel PC Settings Using Intune Prohibit access

This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings or run any of their items.

  • This setting removes Control Panel from: The Start screen File Explorer.
  • This setting removes PC settings from The Start screen Settings charm Account picture

Disable Control Panel PC Settings Using Intune

Let’s try to Disable Control Panel PC Settings using Intune settings catalog. This Policy will help the admins to deliver a consistent experience with all the end-user devices. This Policy will help to prohibit access to Control Panel and PC Settings using Intune.

1E Nomad

Let’s start creating the policy straightaway. You can perform registry changes to achieve the same results, but I won’t recommend doing the registry hack when a better option is available for you.

  • Login to Endpoint Manager Intune portal https://endpoint.microsoft.com/#home
  • Navigate to Devices -> Windows -> Configuration profiles.
  • Click on +Create Profile.
Disable Control Panel PC Settings Using Intune
Disable Control Panel PC Settings Using Intune

In Create Profile blade, You can select Platform: Select Windows 10 and later and Profile: Select Settings catalog (preview). Don’t worry about the preview tag there near to settings catalog. Microsoft fully supports this type of policy.

Click on the Create button. For Example – You have to select the platform Windows 10 and later. You can enter the details such as the name of the Policy and settings in the next screens.

Disable Control Panel PC Settings Using Intune Prohibit access 1
Disable Control Panel PC Settings Using Intune

Once you click on Create button from the above page, you will need to enter the Name and Description of the setting catalog policy.

Enter the name of the policy Name – Prohibit access to Control Panel and PC Settings and click on the next button to continue. I recommend using detailed descriptions so that colleagues can easily understand the details.

Disable Control Panel PC Settings Using Intune
Disable Control Panel PC Settings Using Intune

You can click on the +Add Settings link to bring up the new blade of the policy configuration wizard. This link will help with a new blade called the Settings Picker with a search box.

Settings catalog – With the settings catalog, you can choose which settings you want to configure. Click on Add settings to browse or search the catalog for the settings you want to configure.

Disable Control Panel PC Settings Using Intune
Disable Control Panel PC Settings Using Intune

Prohibit access to the control panel and PC settings Policy

Settings picker is your search engine for Intune settings catalog policies. You can use commas “,” among search terms to lookup settings by their keywords. Also, you have the option to filter the settings catalog policies based on the Windows editions.

The keyword that I will use here to disable Control Panel and PC Settings is Prohibit access to Control Panel and PC Settings, or you can use Control Panel as the keyword. You will need to click on the search button to show the results.

You will need to click on the Administrative Templates Control Panel and pick the setting called “Prohibit access to Control Panel and PC Settings (User).” Make sure you have selected that Policy as shown in the screen capture.

Now, you can close the Settings Picker blade.

Prohibit access to the control panel and PC settings Policy
Prohibit access to the control panel and PC settings Policy

Now, you will need to block or disable the control panel and PC settings for a set of devices. You will need to click on the slide button to enable the prohibit access to the control panel and PC settings. Click on the next button to continue.

NOTE! – This is a user-based policy, so it’s better to deploy it to the Azure AD user group instead of the device group.

Prohibit access to the control panel and PC settings Policy
Prohibit access to the control panel and PC settings Policy

This section will help you assign the “prohibit access to the control panel and PC settings” Policy to the AAD User Group. You can refer to the following guide to Create Intune Settings Catalog Policy and deploy it only to a set of Intune Managed Windows 11 or Windows 10 devices using Intune Filters.

I used all users’ deployment as an example for this particular policy deployment. I want to disable Allow Workplace for all the users. You can click on the Next button and add the Scope Tags on the next page.

You will need to click on the next and create buttons to complete the policy creation process.

Prohibit access to the control panel and PC settings Policy
Prohibit access to the control panel and PC settings Policy

Intune MDM Event ID 814

The Intune event ID 814 indicates a STRING value is applied as part of this Policy on the Windows 11 or Windows 10 devices. You can also see the exact value of the Policy being applied on those devices.

You can check the Event log path to confirm this – Applications and Services Logs – Microsoft – Windows – Devicemanagement-Enterprise-Diagnostics-Provider – Admin.

MDM PolicyManager: Set policy string, Policy: (NoControlPanel), Area: (ADMX_ControlPanel), EnrollmentID requesting merge: (D1E11663-BF69-4DD8-974A-BAD47E6EF433), Current User: (S-1-5-21-2901188661-3025291148-348095268-1124), String: (), Enrollment Type: (0x6), Scope: (0x1).

 Intune MDM Event ID 814
Intune MDM Event ID 814

Registry Entries for Disable Control Panel PC Settings

The Registry Entries for Disable Control Panel and PC Settings using the following registry key when you use MDM or Windows CSP or Intune.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\D1E11663-BF69-4DD8-974A-BAD47E6EF433\default\S-1-5-21-2901188661-3025291148-348095268-1124\ADMX_ControlPanel

  • NoControlPanel – Enabled this means Control Panel and Settings apps will be disabled for Windows 10 and Windows 11 devices.
Registry Entries for Disable Control Panel PC Settings
Registry Entries for Disable Control Panel PC Settings

Conclusion Control Panel Restrictions

The implementation of the prohibit access to the control panel and PC settings policy was easy. Intune setting catalog workflow makes admin life easier.

The end-user experience can still see the settings app icon in the start menu (before and after logging off and restarting the PC). When I tried to open the control panel, a restrictions popup with the following message appeared.

Restrictions – When Control Panel is launched –The operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator.

Settings App – No specific error or popups; the settings app didn’t get launched.

 Conclusion Control Panel Restrictions
Conclusion Control Panel Restrictions

Author

Anoop is Microsoft MVP! He is a Solution Architect on enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.…

1 thought on “Disable Control Panel PC Settings Using Intune Prohibit access”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.