Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
AE-PO-WIN-C-WinWorkstations
Data collected on: 2-9-2025 09:02:16
General
Details
Domainemea.tpg.ads
OwnerEMEA\ygalal.5
Created9-3-2017 12:16:36
Modified5-2-2025 14:59:06
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions231 (AD), 231 (SYSVOL)
Unique ID{1431936f-eb06-4928-9808-92e1820396df}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
DXBYesEnabledemea.tpg.ads/AE/Systems/Clients/DXB

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
None
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\AEDXB-G-ORG-AdminComputersCustomNo
Computer Configuration (Enabled)
Policies
Windows Settings
Scripts
Startup
For this GPO, Script order: Not configured
NameParameters
Localtpladmin-.bat
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history24 passwords remembered
Maximum password age60 days
Minimum password age1 days
Minimum password length12 characters
Password must meet complexity requirementsEnabled
Store passwords using reversible encryptionDisabled
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration30 minutes
Account lockout threshold6 invalid logon attempts
Reset account lockout counter after30 minutes
Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictionsEnabled
Maximum lifetime for service ticket600 minutes
Maximum lifetime for user ticket10 hours
Maximum lifetime for user ticket renewal7 days
Maximum tolerance for computer clock synchronization5 minutes
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Deny log on locallyEMEA\AE-G-ORG-ServiceAccounts
Deny log on through Terminal ServicesEMEA\AE-G-ORG-ServiceAccounts
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Administrator account statusEnabled
Accounts: Guest account statusDisabled
Accounts: Rename guest account"TP User"
Audit
PolicySetting
Audit: Shut down system immediately if unable to log security auditsDisabled
Devices
PolicySetting
Devices: Allow undock without having to log onEnabled
Devices: Prevent users from installing printer driversEnabled
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Disabled
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Domain member: Maximum machine account password age30 days
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELEnabled
Interactive logon: Message text for users attempting to log onThis computer system (including all hardware, software, and peripheral equipment) is the property of Teleperformance. Use of this computer system is restricted to official Teleperformance business. Teleperformance reserves the right to monitor use of the computer system at any time. Use of this system constitutes consent to such monitoring. Any unauthorized access, use, or modification of the computer system can result in civil liability and/or criminal penalties
Interactive logon: Message title for users attempting to log on"Warning Banner"
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft network client: Send unencrypted password to third-party SMB serversDisabled
Microsoft Network Server
PolicySetting
Microsoft network server: Amount of idle time required before suspending session15 minutes
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireDisabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Network security: Minimum session security for NTLM SSP based (including secure RPC) clientsEnabled
Require NTLMv2 session securityDisabled
Require 128-bit encryptionEnabled
Network security: Minimum session security for NTLM SSP based (including secure RPC) serversEnabled
Require NTLMv2 session securityDisabled
Require 128-bit encryptionEnabled
Shutdown
PolicySetting
Shutdown: Clear virtual memory pagefileEnabled
Other
PolicySetting
Accounts: Block Microsoft accountsUsers can't add or log on with Microsoft accounts
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsDisabled
Network security: Allow Local System to use computer identity for NTLMEnabled
Network security: Allow LocalSystem NULL session fallbackDisabled
Network security: Allow PKU2U authentication requests to this computer to use online identities. Disabled
Network security: Configure encryption types allowed for KerberosEnabled
DES_CBC_CRCDisabled
DES_CBC_MD5Disabled
RC4_HMAC_MD5Disabled
AES128_HMAC_SHA1Enabled
AES256_HMAC_SHA1Enabled
Future encryption typesEnabled
Event Log
PolicySetting
Prevent local guests group from accessing application logEnabled
Prevent local guests group from accessing security logEnabled
Prevent local guests group from accessing system logEnabled
Retain application log90 days
Retain security log90 days
Retain system log90 days
Retention method for application logBy days
Retention method for security logBy days
Retention method for system logBy days
System Services
Windows Management Instrumentation (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
TPDXBVPN.teleperformance.com.egTPDXBVPN.teleperformance.com.eg30-12-2025 12:25:21<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Publishers Certificates
Issued ToIssued ByExpiration DateIntended Purposes
TPDXBVPN.teleperformance.com.egTPDXBVPN.teleperformance.com.eg30-12-2025 12:25:21<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Advanced Audit Configuration
Account Management
PolicySetting
Audit Security Group ManagementSuccess, Failure
Audit User Account ManagementSuccess, Failure
Detailed Tracking
PolicySetting
Audit Process CreationSuccess, Failure
Audit Process TerminationSuccess
Logon/Logoff
PolicySetting
Audit Account LockoutSuccess
Audit LogoffSuccess
Audit LogonSuccess, Failure
Audit Special LogonSuccess, Failure
Policy Change
PolicySetting
Audit Audit Policy ChangeSuccess, Failure
Audit Authentication Policy ChangeSuccess, Failure
System
PolicySetting
Audit Security State ChangeSuccess, Failure
Audit System IntegritySuccess, Failure
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Microsoft Edge
PolicySettingComment
Enable the Collections featureDisabled
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Define inbound program exceptionsEnabled
Define program exceptions:
Olympus.AgentDesktop.exe
Specify the program to allow or block.
Syntax:
<Path>:<Scope>:<Status>:<Name>
<Path> is the program path and file name
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds the
TEST.EXE program to the program exceptions list
and allows it to receive messages from 10.0.0.1,
or any system on the 10.3.4.x subnet:
%programfiles%\test.exe:10.0.0.1,10.3.4.0/24:enabled:Test program
Network/Network Connections/Windows Defender Firewall/Standard Profile
PolicySettingComment
Windows Defender Firewall: Define inbound program exceptionsEnabled
Define program exceptions:
Olympus.AgentDesktop.exe
Specify the program to allow or block.
Syntax:
<Path>:<Scope>:<Status>:<Name>
<Path> is the program path and file name
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds the
TEST.EXE program to the program exceptions list
and allows it to receive messages from 10.0.0.1,
or any system on the 10.3.4.x subnet:
%programfiles%\test.exe:10.0.0.1,10.3.4.0/24:enabled:Test program
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny execute accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Removable Disks: Deny execute accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Do not show feedback notificationsEnabled
Windows Components/File Explorer
PolicySettingComment
Set a default associations configuration fileEnabled
Default Associations Configuration File\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\{3E37B931-7978-40C4-BCB9-8EA5BE51E9D6}\Machine\Applications\FileAssociations.xml
PolicySettingComment
Start File Explorer with ribbon minimizedEnabled
Pick one of the following settings 
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections
PolicySettingComment
Allow users to connect remotely by using Remote Desktop ServicesEnabled
Windows Components/Search
PolicySettingComment
Allow CortanaDisabled
Preferences
Windows Settings
Files
File (Target Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_22406.1401.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe)
WinStore.App.exe (Order: 1)
General
ActionDelete
Properties
Destination fileC:\Program Files\WindowsApps\Microsoft.WindowsStore_22406.1401.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Folders
Folder (Path: C:\Windows\Help)
Help (Order: 1)
General
ActionDelete
Attributes
PathC:\Windows\Help
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Disabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersDisabled
Ignore errors for files/folders that cannot be deletedDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry
fDenyTSConnections (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Terminal Server
Value namefDenyTSConnections
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DisableFileTransfer (Order: 2)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Skype\Phone
Value nameDisableFileTransfer
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DisableFileTransfer (Order: 3)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Skype\Phone
Value nameDisableFileTransfer
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
HubsSidebarEnabled (Order: 4)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Edge
Value nameHubsSidebarEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Local Users and Groups
Group (Name: Administrators (built-in))
Administrators (built-in) (Order: 1)
Local Group
ActionUpdate
Properties
Group nameAdministrators (built-in)
Delete all member usersEnabled
Delete all member groupsEnabled
Add members
tpladmin
EMEA\EMEA-G-ORG-Local Workstation and Server AdminsS-1-5-21-513466819-3096973226-347852806-321520
EMEA\AE-G-ORG-Help Desk AdminsS-1-5-21-513466819-3096973226-347852806-258365
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.