Group Policy differences between Windows 10 Enterprise and Windows 10 Pro

This document lists all known Group Policy differences between Windows 10 Pro and the Windows 10 Enterprise/Windows 10 Education. Microsoft might change the Group Policy behavior in feature upgrades. This wiki doc is about the latest release, which currently is Windows 10 1511.

This Microsoft document gives a general overview of the differences between the Windows 10 editions.

If you know of another Group Policy difference between the Windows 10 editions, please update the document. Only registered 4sysops members can edit wiki docs.

The following Group Policies only work in Windows 10 Enterprise/Education and not in Windows 10 Pro. A number of the settings described below refer to a folder with several Group Policies that are related to the corresponding features. The descriptions are from Microsoft.

AppLocker

Description

Allows you to specify which users or groups can run particular applications in your organization based on unique identities of files.

Path

Computer Configuration > Windows Settings > Security Settings > Application Control Polices > AppLocker

Additional Information

Windows AppLocker

BranchCache

Description

BranchCache copies content from your main office or hosted cloud content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN.

Path

Computer Configuration > Network > BranchCache

Additional Information

BranchCache Client Configuration

Credential Guard

Description

Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.

Path

Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security

Additional Information

Configure Credential Guard via Group Policy

DirectAccess

Description

DirectAccess allows connectivity to organizational network resources without the need for traditional virtual private network (VPN) connections.

Path

Computer Configuration > Administrative Templates > Network > DirectAccess Client Experience Settings

Additional Information

Configure the DirectAccess Infrastructure

Device Guard

Description

Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies.

Path

Computer Configuration > Administrative Templates > System > Device Guard

Additional Information

Device Guard deployment guide

Force a specific default lock screen image

Description

This setting allows you to force a specific default lock screen image by entering the path (location) of the image file.

Policy path

Computer Configuration > Administrative Templates > Control Panel > Personalization

Additional information

Windows spotlight on the lock screen

Start layout

Update: Readers reported that this feature works in Windows 10 Pro even though Microsoft advertises this functionality for Windows 10 Enterprise.

Description

This setting lets you specify the Start layout for users and prevents them from changing its configuration.

Path

Computer Configuration > Administrative Templates > Start Menu and Taskbar

User Configuration > Administrative Templates > Start Menu and Taskbar

Additional information

Manage Windows 10 Start layout options

Turn off access to the Store application

Description

This policy setting specifies whether to use the Store service (for finding an application) to open a file with an unhandled file type or protocol association.