Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
AE-PO-ADM-C LLS BitLocker
Data collected on: 2-9-2025 09:44:33
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-367117
Created9-4-2020 21:51:24
Modified9-2-2023 14:52:16
User Revisions19 (AD), 19 (SYSVOL)
Computer Revisions327 (AD), 327 (SYSVOL)
Unique ID{b88da97c-9ad3-47b9-8294-46ace9db5e67}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
DXBYesEnabledemea.tpg.ads/AE/Systems/Clients/DXB

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\AE-L-SEC-Windows 10 Policies Computer Settings
S-1-5-21-513466819-3096973226-347852806-388765
S-1-5-21-513466819-3096973226-347852806-388917
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\AE-L-SEC-Windows 10 Policies Computer SettingsRead (from Security Filtering)No
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-367117Edit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-388765Read (from Security Filtering)No
S-1-5-21-513466819-3096973226-347852806-388917Read (from Security Filtering)No
Computer Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
System/Group Policy
PolicySettingComment
Configure Logon Script DelayEnabled
minute:2
PolicySettingComment
Configure scripts policy processingEnabled
Allow processing across a slow network connectionEnabled
Do not apply during periodic background processingDisabled
Process even if the Group Policy objects have not changedDisabled
Windows Components/BitLocker Drive Encryption
PolicySettingComment
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)Enabled
Select the encryption method for operating system drives:XTS-AES 256-bit
Select the encryption method for fixed data drives:XTS-AES 256-bit
Select the encryption method for removable data drives:AES-CBC 128-bit (default)
PolicySettingComment
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)Enabled
Require BitLocker backup to AD DSEnabled
If selected, cannot turn on BitLocker if backup fails (recommended default).
If not selected, can turn on BitLocker even if backup fails. Backup is not automatically retried.
Select BitLocker recovery information to store:Recovery passwords and key packages
A recovery password is a 48-digit number that unlocks access to a BitLocker-protected drive.
A key package contains a drive's BitLocker encryption key secured by one or more recovery passwords
Key packages may help perform specialized recovery when the disk is damaged or corrupted.
Windows Components/BitLocker Drive Encryption/Fixed Data Drives
PolicySettingComment
Choose how BitLocker-protected fixed drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardDisabled
Save BitLocker recovery information to AD DS for fixed data drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Backup recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for fixed data drivesEnabled
Windows Components/BitLocker Drive Encryption/Operating System Drives
PolicySettingComment
Choose how BitLocker-protected operating system drives can be recoveredEnabled
Allow data recovery agentEnabled
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Allow 256-bit recovery key
Omit recovery options from the BitLocker setup wizardDisabled
Save BitLocker recovery information to AD DS for operating system drivesEnabled
Configure storage of BitLocker recovery information to AD DS:Store recovery passwords and key packages
Do not enable BitLocker until recovery information is stored to AD DS for operating system drivesEnabled
Windows Components/Windows PowerShell
PolicySettingComment
Turn on Script ExecutionEnabled
Execution PolicyAllow all scripts
Preferences
Windows Settings
Registry
ActiveDirectoryBackup (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\TPM
Value nameActiveDirectoryBackup
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
RequireActiveDirectoryBackup (Order: 2)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\TPM
Value nameRequireActiveDirectoryBackup
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ExecutionPolicy (Order: 3)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
Value nameExecutionPolicy
Value typeREG_SZ
Value dataUnrestricted
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ExecutionPolicy (Order: 4)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
Value nameExecutionPolicy
Value typeREG_SZ
Value dataUnrestricted
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.