Clock > remove from notification area

User Configuration > Administrative Templates > Start Menu And Taskbar
…> Remove Clock From The System Notification Area policy = Enable

Control Panel > remove an icon

User Configuration > Administrative Templates > Control Panel branch
…> Hide Specified Control Panel Items policy = Enabled > Show button > type icon name

Control Panel > show only specified icons

User Configuration > Administrative Templates > Control Panel branch
…> Show Only Specified Control Panel Items = Enabled > Show button > type icon name

Delete confirmations > disable

User Configuration > Administrative Templates > Windows Components > Windows Explorer
…> Display Confirmation Dialog When Deleting Files = Disabled

Notification area > disable & remove

User Configuration > Administrative Templates > Start Menu And Taskbar
…> Hide The Notification Area policy = Enabled

Registry > prevent user access

User Configuration > Administrative Templates > System

…> Prevent Access To Registry Editing Tools = Enabled > Disable Regedit From Running Silently = Yes

Shutdown Event Tracker > enable

Computer Configuration > Administrative Templates > System

…> Display Shutdown Event Tracker = Enabled > Shutdown Event Tracker Should Be Displayed = Always

BitLocker encryption on non-TPM Windows systems

All that is needed is a couple tweaks to Local Policy Settings, a Flash drive, and a few hours to allow encryption to happen.

>> To get started, open the Windows 7 Start menu and enter Group Policy in the search box. From here, open the Local Group Policy Editor.

>> To locate the settings for Bit-Locker, navigate to: Computer Configuration | Administrative Templates |Windows Components…
…|Bit-Locker Drive Encryption | Operating System Drives.

>> After selecting Operating System Drives in the folder list, double-click on the policy setting labeled Require Additional Authentication
At Startup.

>> On the properties page, select the Enabled setting to turn the policy on and then check the box under Options labeled “Allow BitLocker
Without A Compatible TPM”. This requires a USB flash drive on which to store the BitLocker Key.

>> Once you have checked this box, several other drop-down options will become available, because they are all related to TPM modules;
you can ignore them when configuring this setting.

>> After configuring the policy to allow non-TPM authentication, click OK to save and close the policy.

Note: When configuring policies in Windows 7 and Windows Server 2008, the dialog box provides space to make comments which are
stored with that policy. I would recommend that you add the date and your name to the comments box just in case you need to track
down the changes made.

>> Setting up BitLocker

1. Open the Bit-Locker encryption settings manager by searching for Bit Locker or by visiting System and Security in the Control Panel.

2. When the management tool opens, it will show you all of the drives detected in your system.

3. Click Turn On Bit Locker.

>> You will be asked to configure your BitLocker options based on the selections made when you configured the Local policy.
In this case, you will need to provide a USB device to store the BitLocker key. In Figure C, the BitLocker wizard asks for the
USB drive where the authentication key will be saved. Insert the device and click Next to write the key.

>> When you click Next, the BitLocker key will be added to the flash drive and the wizard will ask you to create a recovery key
just in case the authentication key gets lost.

Note: It is not recommended to keep the recovery key for your encrypted drive on the encrypted drive because you will
be unable to access it in the event you lose your authentication flash drive.

>> Once the keys are all set, Bit Locker will ask you to encrypt the operating system disk. Once the process starts, you can
continue to use your computer as you normally would, but depending on the size of the drive, the encryption process can
take quite a long time. When I encrypted my laptop drive, the entire process took about eight hours for a drive 285 GB in size.


>> Once the process has completed, you will need to reboot your computer to begin using the encrypted drive; as soon as
you restart, you will need your authentication key to access your system. This works similarly to a system with a TPM chip,
except you will need to insert the USB flash drive to start the computer.