HMI and SCADA systems use a desktop as the medium through which their functions are used. When it performs control or operational monitoring for an industrial plant, the desktop needs to be secured so that it functions solely as an HMI or SCADA station.
A desktop running the Windows operating system can be secured with Multiple Local Group Policy Objects (MLGPO) for a stand-alone desktop.
Before configuring MLGPO on Windows 10 as described in this article, two Windows account groups are needed: Administrators and Non-Administrators.
Management Console
Multiple Local Group Policy Objects are accessed with the Group Policy Object Editor. To do this, add the Group Policy Object Editor to the Microsoft Management Console for each Group Policy Object to be managed. In this article the author creates a custom Management Console for MLGPO in order to manage several MLGPOs. The steps are as follows:
1. Log in to the desktop with an Administrator account, then open the Microsoft Management Console: press WIN+R, type mmc.exe and press Enter.
2. In the Console1 window, click File ▶ Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog, under the Available Snap-ins list, select Group Policy Object Editor and then click Add.
4. The Select Group Policy Object dialog appears. Make sure Local Computer is shown under Group Policy Object, then click Finish.
5. Add the Group Policy Object Editor again, as in step 3.
6. In the Select Group Policy Object dialog, click Browse. Select the Users tab, click the Administrators group, then click OK and Finish.
7. Add the Group Policy Object Editor again, as in step 3.
8. In the Select Group Policy Object dialog, click Browse. Select the Users tab, click the Non-Administrators group, then click OK and Finish.
9. In the Console1 window, click File, click Save and click Desktop. Type MLGPO as the file name and click Save.
Log off or restart the desktop to activate the saved MLGPO.
The following table lists the Local Group Policy settings to configure in order to restrict the Non-Administrators group:
Location | Policy | State | Option |
User Configuration\Administrative Template\Start Menu and Taskbar | Add Logoff to the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Clear history of recently opened documents on exit | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Clear the recent programs list for new users | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not display any custom toolbars in the taskbar | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not keep history of recently opened documents | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not search files | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not search Internet | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not search programs | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not search communications | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Do not use the search-based method when resolving shell shortcuts | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Force classic Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Lock all taskbar settings | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Lock the Taskbar | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Prevent changes to Taskbar and Start Menu Settings | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Prevent grouping of taskbar items | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Prevent users from adding or removing toolbars | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Prevent users from resizing the taskbar | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Prevent users from rearranging toolbars | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove access to the context menus for the taskbar | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove All Programs list from the Start menu | Enabled | Remove and disable setting |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Balloon Tips on Start Menu items | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove common program groups from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Default Programs link from the Start menu. | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Documents icon from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Drag-and-drop context menus on the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Favorites menu from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove frequent programs list from the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Games link from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Help menu from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove links and access to Windows Update | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Music icon from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Network icon from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Network Connections from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Pictures icon from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove pinned programs list from the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove programs on Settings menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Recent Items menu from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Run menu from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Search Computer link | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove Search link from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove the “Undock PC” button from the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove the networking icon | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove the volume control icon | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove user folder link from Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Remove user’s folders from the Start Menu | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Show QuickLaunch on Taskbar | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Turn off personalized menus | Enabled | |
User Configuration\Administrative Template\Start Menu and Taskbar | Turn off user tracking | Enabled | |
User Configuration\Administrative Template\Desktop | Don’t save settings at exit | Enabled | |
User Configuration\Administrative Template\Desktop | Hide and disable all items on the desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Hide Internet Explorer icon on desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Hide Network Locations icon on desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Prohibit adjusting desktop toolbars | Enabled | |
User Configuration\Administrative Template\Desktop | Remove Computer icon on the desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Remove My Documents icon on the desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Remove Properties from the Computer icon context menu | Enabled | |
User Configuration\Administrative Template\Desktop | Remove Properties from the Documents icon context menu | Enabled | |
User Configuration\Administrative Template\Desktop | Remove Properties from the Recycle Bin context menu | Enabled | |
User Configuration\Administrative Template\Desktop | Remove Recycle Bin icon from desktop | Enabled | |
User Configuration\Administrative Template\Desktop | Remove the Desktop Cleanup Wizard | Enabled | |
User Configuration\Administrative Template\Windows Components\Windows Sidebar | Turn off Windows Sidebar | Enabled | |
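To confirm that the Non-Administrators MLGPO actually reached an operator session, the following added example (not part of the original article) audits a subset of the table's policies from PowerShell while logged on as a non-administrator account. The mapping from policy name to registry value is an assumption taken from the standard Windows administrative templates rather than from this page; extend the list as needed.

```powershell
# Added example: run inside the non-administrator (operator) session after logon.
# User-scope Explorer policies from the table are written under this key.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Policy name as shown in the table -> registry value (DWORD 1 when Enabled).
# Assumption: value names follow the standard Windows administrative templates.
$expected = [ordered]@{
    'Remove Run menu from Start Menu'                                  = 'NoRun'
    'Remove and prevent access to the Shut Down, Restart, ... commands' = 'NoClose'
    'Remove Search link from Start Menu'                               = 'NoFind'
    'Lock the Taskbar'                                                 = 'LockTaskbar'
    'Prevent changes to Taskbar and Start Menu Settings'               = 'NoSetTaskbar'
    'Remove access to the context menus for the taskbar'               = 'NoTrayContextMenu'
    'Remove links and access to Windows Update'                        = 'NoWindowsUpdate'
    'Do not keep history of recently opened documents'                 = 'NoRecentDocsHistory'
    'Clear history of recently opened documents on exit'               = 'ClearRecentDocsOnExit'
    'Hide and disable all items on the desktop'                        = 'NoDesktop'
}

# The key does not exist at all if no Explorer policy was applied to this user.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = foreach ($policy in $expected.Keys) {
    $name  = $expected[$policy]
    $value = if ($props) { $props.$name } else { $null }
    [pscustomobject]@{
        Policy        = $policy
        RegistryValue = $name
        Data          = $value
        Applied       = ($value -eq 1)
    }
}

$report | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a logon script or scheduled task flag drift.
$missing = @($report | Where-Object { -not $_.Applied })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) expected restriction(s) are not in effect for $env:USERNAME."
    exit 1
}
Write-Output "All checked restrictions are in effect for $env:USERNAME."
```

Running the same script in an Administrator session should report the restrictions as not applied, which confirms that the policy is scoped to the Non-Administrators group only.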