Remove Apps from Start:
https://social.technet.microsoft.com/Forums/en-US/b694628c-0f34-419c-873c-8c5163a5261a/how-do-i-remove-all-programs-from-appearing-in-start-menu?forum=windowssteadystate
Change registry via reg file via GPO:
https://blogs.technet.microsoft.com/askds/2007/08/14/deploying-custom-registry-changes-through-group-policy/
Lock screen timeout:
Computer Conifg>Policies>Windows Settings>Security Settings>Local Policies>Security Options and find Interactive logon: Machine inactivity limit
Screen saver config:
User Config.>Admin. Templates>Control Panel>Persomalization
Enable screen saver
Prevent changing screen saver
Password protect the screen saver
Screen saver timeout
Force specific screen saver
Disable user confirmation while shadowing user’s session:
Chose – Set rules for remote control of Remote Desktop Services users sessions
https://community.spiceworks.com/topic/478662-rdp-disable-the-please-wait-for-user-to-respond-prompt
Enable or disable displaying file extensions (Active Directory only):
https://www.dtonias.com/show-hide-extensions-for-known-file-types/123
User Configuration – Preferences – Control Panel Settings – Folder Options
Here, right-click Folder Option and then click Folder Options (At least Windows Vista) in the New menu.
In the folder settings window that opens, uncheck Hide extensions for known file types on the Advanced tab. Click OK to save the Group Policy setting and then apply it through the Group Policy Management Console.
Allow user to log in locally:
Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment
Folder Redirection HowTo:
https://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/