Group Policy Management
AL-SEC-WIN-C-Security Settings PCI TEST
Data collected on: 2-9-2025 09:52:14
General
Details
Domain | emea.tpg.ads
Owner | EMEA\likaj.7-adm
Created | 13-1-2021 10:21:12
Modified | 9-2-2023 14:58:22
User Revisions | 1 (AD), 1 (SYSVOL)
Computer Revisions | 11 (AD), 11 (SYSVOL)
Unique ID | {7a1b447f-590c-43bc-b615-62b7120c7216}
GPO Status | User settings disabled
Links
Location | Enforced | Link Status | Path
Clients | No | Disabled | emea.tpg.ads/AL/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\AL-G-ORG-Computers configuration PCI TEST
Delegation
These groups and users have the specified permission for this GPO
Name | Allowed Permissions | Inherited
EMEA\AL-G-ORG-Computers configuration PCI TEST | Read (from Security Filtering) | No
EMEA\AL-G-ORG-OU Admins | Edit settings, delete, modify security | No
EMEA\Domain Admins | Edit settings, delete, modify security | No
EMEA\Domain Computers | Read | No
EMEA\likaj.7-adm | Edit settings, delete, modify security | No
NT AUTHORITY\Authenticated Users | Read | No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No
NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No
ROOT\Enterprise Admins | Edit settings, delete, modify security | No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
Policy | Setting
Audit account logon events | Success, Failure
Audit account management | Success, Failure
Audit directory service access | Success, Failure
Audit logon events | Success, Failure
Audit object access | Success, Failure
Audit policy change | Success, Failure
Audit privilege use | Success, Failure
Audit process tracking | Success, Failure
Audit system events | Success, Failure
Local Policies/Security Options
Accounts
Policy | Setting
Accounts: Administrator account status | Enabled
Accounts: Guest account status | Enabled
Accounts: Rename administrator account | "Administrator"
Accounts: Rename guest account | "Guest"
Domain Member
Policy | Setting
Domain member: Maximum machine account password age | 60 days
Interactive Logon
Policy | Setting
Interactive logon: Don't display last signed-in | Enabled
Interactive logon: Message text for users attempting to log on | This computer system is the property of Teleperformance., Use of this computer system is restricted to official Teleperformance business., Teleperformance reserves the right to monitor use of the computer system at any time., Use of this system constitutes consent to such monitoring., Any unauthorized access, use, or modification of the computer system can result in civil, liability and/or criminal penalties.
Interactive logon: Prompt user to change password before expiration | 14 days
Microsoft Network Client
Policy | Setting
Microsoft network client: Digitally sign communications (if server agrees) | Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled
Microsoft Network Server
Policy | Setting
Microsoft network server: Digitally sign communications (always) | Enabled
Microsoft network server: Digitally sign communications (if client agrees) | Enabled
Network Access
Policy | Setting
Network access: Do not allow anonymous enumeration of SAM accounts and shares | Enabled
Network Security
Policy | Setting
Network security: Do not store LAN Manager hash value on next password change | Enabled
Network security: LAN Manager authentication level | Send NTLMv2 response only. Refuse LM & NTLM
Shutdown
Policy | Setting
Shutdown: Clear virtual memory pagefile | Enabled
Other
Policy | Setting
Interactive logon: Machine account lockout threshold | 5 invalid logon attempts
Interactive logon: Machine inactivity limit | 300 seconds
Event Log
Policy | Setting
Maximum application log size | 3072000 kilobytes
Maximum security log size | 3072000 kilobytes
Maximum system log size | 3072000 kilobytes
Retain application log | 90 days
Retain security log | 90 days
Retain system log | 90 days
Retention method for application log | By days
Retention method for security log | By days
Retention method for system log | By days
System Services
Windows Defender Firewall (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Registry (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Update (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Public Key Policies/Certificate Path Validation Settings/Trusted Publishers
Policy | Setting
Trusted Publishers can be managed by: | All administrators and users
Verify that certificate is not revoked when adding | Disabled
Verify that certificate has a valid time stamp when adding | Disabled
Software Restriction Policies
Enforcement
Policy | Setting
Apply Software Restriction Policies to the following | All software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following users | All users
When applying Software Restriction Policies | Ignore certificate rules
Designated File Types
File Extension | File Type
ADE | ADE File
ADP | ADP File
BAS | BAS File
BAT | Windows Batch File
CHM | Compiled HTML Help file
CMD | Windows Command Script
COM | MS-DOS Application
CPL | Control panel item
CRT | Security Certificate
EXE | Application
HLP | Help file
HTA | HTML Application
INF | Setup Information
INS | INS File
ISP | ISP File
LNK | Shortcut
MDB | MDB File
MDE | MDE File
MSC | Microsoft Common Console Document
MSI | Windows Installer Package
MSP | Windows Installer Patch
MST | MST File
OCX | ActiveX control
PCD | PCD File
PIF | Shortcut to MS-DOS Program
REG | Registration Entries
SCR | Screen saver
SHS | SHS File
URL | Internet Shortcut
VB | Visual Basic Source File
WSC | Windows Script Component
Trusted Publishers
Trusted publisher management | Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification | None
Software Restriction Policies/Security Levels
Policy | Setting
Default Security Level | Unrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level | Unrestricted
Description
Date last modified | 22-8-2018 12:21:59
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level | Unrestricted
Description
Date last modified | 22-8-2018 12:21:59
Windows Firewall with Advanced Security
Global Settings
Policy | Setting
Policy version | 2.28
Disable stateful FTP | Not Configured
Disable stateful PPTP | Not Configured
IPsec exempt | Not Configured
IPsec through NAT | Not Configured
Preshared key encoding | Not Configured
SA idle time | Not Configured
Strong CRL check | Not Configured
Domain Profile Settings
Policy | Setting
Firewall state | On
Inbound connections | Not Configured
Outbound connections | Not Configured
Apply local firewall rules | Not Configured
Apply local connection security rules | Not Configured
Display notifications | No
Allow unicast responses | Yes
Log dropped packets | Not Configured
Log successful connections | Not Configured
Log file path | Not Configured
Log file maximum size (KB) | Not Configured
Inbound Rules
Name | Description
IN Domain ANY ANY
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
Enabled | True
Program | Any
Action | Allow
Security | Require authentication
Authorized computers
Authorized users
Protocol | Any
Local port | Any
Remote port | Any
ICMP settings | Any
Local scope | Any
Remote scope | Any
Profile | Domain
Network interface type | All
Service | All programs and services
Allow edge traversal | False
Group
Outbound Rules
Name | Description
OUT Domain ANY ANY
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
Enabled | True
Program | Any
Action | Allow
Security | Require authentication
Authorized computers
Protocol | Any
Local port | Any
Remote port | Any
ICMP settings | Any
Local scope | Any
Remote scope | Any
Profile | Domain
Network interface type | All
Service | All programs and services
Group
Connection Security Settings
Advanced Audit Configuration
Account Logon
Policy | Setting
Audit Credential Validation | Success, Failure
Audit Kerberos Authentication Service | Success, Failure
Audit Kerberos Service Ticket Operations | Success, Failure
Audit Other Account Logon Events | Success, Failure
Account Management
Policy | Setting
Audit Computer Account Management | Success, Failure
Audit Security Group Management | Success, Failure
Audit User Account Management | Success, Failure
Detailed Tracking
Policy | Setting
Audit Process Creation | Success, Failure
Audit Process Termination | Success, Failure
Logon/Logoff
Policy | Setting
Audit Account Lockout | Success
Audit Logoff | Success
Audit Logon | Success, Failure
Audit Special Logon | Success, Failure
Policy Change
Policy | Setting
Audit Audit Policy Change | Success, Failure
Audit Authentication Policy Change | Success, Failure
System
Policy | Setting
Audit IPsec Driver | Success, Failure
Audit Security State Change | Success, Failure
Audit System Integrity | Success, Failure
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/User Accounts
Policy | Setting | Comment
Apply the default account picture to all users | Enabled
Network/DNS Client
Policy | Setting | Comment
DNS suffix search list | Enabled
DNS Suffixes: | emea.tpg.ads,teleperformance.it
Network/IPv6 Configuration
Policy | Setting | Comment
IPv6 Configuration Policy | Enabled
IPv6 Configuration | Disable all IPv6 components
Network/Network Connections/Windows Defender Firewall/Domain Profile
Policy | Setting | Comment
Windows Defender Firewall: Allow ICMP exceptions | Enabled
Allow outbound destination unreachable | Enabled
Allow outbound source quench | Enabled
Allow redirect | Enabled
Allow inbound echo request | Enabled
Allow inbound router request | Enabled
Allow outbound time exceeded | Enabled
Allow outbound parameter problem | Enabled
Allow inbound timestamp request | Enabled
Allow inbound mask request | Enabled
Allow outbound packet too big | Enabled
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound file and printer sharing exception | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Syntax:
Type "*" to allow messages from any network, or else type a comma-separated list that contains any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1, 10.0.0.2, and from any system on the local subnet or on the 10.3.4.x subnet, type the following in the "Allow unsolicited incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound remote administration exception | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound Remote Desktop exceptions | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Policy | Setting | Comment
Windows Defender Firewall: Allow local program exceptions | Enabled
Windows Defender Firewall: Prohibit notifications | Enabled
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests | Disabled
Windows Defender Firewall: Protect all network connections | Enabled
Network/Network Connections/Windows Defender Firewall/Standard Profile
Policy | Setting | Comment
Windows Defender Firewall: Allow ICMP exceptions | Enabled
Allow outbound destination unreachable | Enabled
Allow outbound source quench | Enabled
Allow redirect | Enabled
Allow inbound echo request | Enabled
Allow inbound router request | Enabled
Allow outbound time exceeded | Enabled
Allow outbound parameter problem | Enabled
Allow inbound timestamp request | Enabled
Allow inbound mask request | Enabled
Allow outbound packet too big | Enabled
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound file and printer sharing exception | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound remote administration exception | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Policy | Setting | Comment
Windows Defender Firewall: Allow inbound Remote Desktop exceptions | Enabled
Allow unsolicited incoming messages from these IP addresses: | *
Policy | Setting | Comment
Windows Defender Firewall: Allow local program exceptions | Enabled
Windows Defender Firewall: Prohibit notifications | Enabled
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests | Disabled
Windows Defender Firewall: Protect all network connections | Enabled
Network/Offline Files
Policy | Setting | Comment
Allow or Disallow use of the Offline Files feature | Disabled
Prevent use of Offline Files folder | Enabled
Prohibit user configuration of Offline Files | Enabled
Prevents users from changing any cache configuration settings.
Policy | Setting | Comment
Remove "Make Available Offline" command | Enabled
Synchronize all offline files before logging off | Disabled
Synchronize all offline files when logging on | Disabled
Synchronize offline files before suspend | Disabled
System/Group Policy
Policy | Setting | Comment
Configure user Group Policy loopback processing mode | Enabled
Mode: | Merge
System/Logon
Policy | Setting | Comment
Always wait for the network at computer startup and logon | Enabled
System/User Profiles
Policy | Setting | Comment
Do not log users on with temporary profiles | Enabled
Windows Components/AutoPlay Policies
Policy | Setting | Comment
Turn off Autoplay | Enabled
Turn off Autoplay on: | All drives
Windows Components/Desktop Gadgets
Policy | Setting | Comment
Restrict unpacking and installation of gadgets that are not digitally signed. | Enabled
Turn off desktop gadgets | Enabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
Policy | Setting | Comment
Require use of specific security layer for remote (RDP) connections | Enabled
Security Layer | SSL
Choose the security layer from the drop-down list.
Policy | Setting | Comment
Require user authentication for remote connections by using Network Level Authentication | Enabled
Set client connection encryption level | Enabled
Encryption Level | High Level
Choose the encryption level from the drop-down list.
Windows Components/Windows Messenger
Policy | Setting | Comment
Do not allow Windows Messenger to be run | Enabled
Windows Components/Windows Update/Manage end user experience
Policy | Setting | Comment
Configure Automatic Updates | Disabled
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
Policy | Setting | Comment
Do not connect to any Windows Update Internet locations | Enabled
Preferences
Windows Settings
Registry
CWDIllegalInDllSearch (Order: 1)
General
Action | Update
Properties
Hive | HKEY_LOCAL_MACHINE
Key path | SYSTEM\CurrentControlSet\Control\Session Manager
Value name | CWDIllegalInDllSearch
Value type | REG_DWORD
Value data | 0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this item | No
Remove this item when it is no longer applied | No
Apply once and do not reapply | No
Collection: Disabling RC4 in .NET TLS
Common
Options
Stop processing items on this extension if an error occurs on this item | No
Apply once and do not reapply | No
Registry item: SchUseStrongCrypto
General
Action | Update
Properties
Hive | HKEY_LOCAL_MACHINE
Key path | SOFTWARE\Microsoft\.NETFramework\v2.0.50727
Value name | SchUseStrongCrypto
Value type | REG_DWORD
Value data | 0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this item | No
Remove this item when it is no longer applied | No
Apply once and do not reapply | No
Registry item: SchUseStrongCrypto
General
Action | Update
Properties
Hive | HKEY_LOCAL_MACHINE
Key path | SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
Value name | SchUseStrongCrypto
Value type | REG_DWORD
Value data | 0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this item | No
Remove this item when it is no longer applied | No
Apply once and do not reapply | No
Control Panel Settings
Local Users and Groups
User (Name: Administrator (built-in))
Administrator (built-in) (Order: 1)
Local User
Action | Update
Properties
User name | Administrator (built-in)
User must change password at next logon | False
User cannot change password | False
Password never expires | False
Account is disabled | False
Account expires | 5/18/2019
Common
Options
Stop processing items on this extension if an error occurs on this item | No
Remove this item when it is no longer applied | No
Apply once and do not reapply | Yes
User Configuration (Disabled)
No settings defined.