Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
BNL-PO-WIN-ADM-U-User Laptop Restrictions and Hardening Restricted
Data collected on: 2-9-2025 10:00:21
General
Details
Domainemea.tpg.ads
OwnerEMEA\timmermans.5-adm
Created9-8-2021 10:16:02
Modified1-9-2025 15:36:32
User Revisions366 (AD), 366 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{60c02cee-4453-49fd-869f-8ac292872d89}
GPO StatusComputer settings disabled
Links
LocationEnforcedLink StatusPath
BENoEnabledemea.tpg.ads/BE
NLNoEnabledemea.tpg.ads/NL
SRNoEnabledemea.tpg.ads/SR

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning Restricted
EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning Restricted
EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning Restricted
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning RestrictedRead (from Security Filtering)No
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\NL-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning RestrictedRead (from Security Filtering)No
EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning RestrictedRead (from Security Filtering)No
EMEA\timmermans.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Disabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Folder Redirection
Start Menu
Setting: Not configured
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Settings Page VisibilityEnabled
Settings Page Visibility:showonly:mousetouchpad;display;regionformatting;easeofaccess;keyboard;sound;bluetooth;keyboard-advanced;regionlanguage-languageoptions;personalization-colors;colors;themes;fonts;personalization-lighting;personalization-start-places;privacy-microphone;display-advanced;taskbar;easeofaccess-colorfilter;easeofaccess-colorfilter-adaptivecolorlink;easeofaccess-colorfilter-bluelightlink;powersleep
PolicySettingComment
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.RegionAndLanguage
Microsoft.Mouse
Intl.cpl
Main.cpl
Desk.cpl
Microsoft.Display
Mail
mlcfg32.cpl
Control Panel/Personalization
PolicySettingComment
Force a specific visual style file or force Windows ClassicEnabled
Path to Visual Style:
To select Aero type:
%windir%\resources\Themes\Aero\aero.msstyles
To select a different visual style, type:
ie: \\<server>\share\Corp.msstyles
To select Windows Classic, leave the box
above blank and enable this setting
PolicySettingComment
Prevent changing desktop backgroundEnabled
Control Panel/Printers
PolicySettingComment
Point and Print RestrictionsDisabled
Control Panel/Regional and Language Options
PolicySettingComment
Hide Regional and Language Options administrative optionsEnabled
Restrict Language Pack and Language Feature InstallationEnabled
Desktop
PolicySettingComment
Do not add shares of recently opened documents to Network LocationsEnabled
Hide and disable all items on the desktopEnabled
Hide Network Locations icon on desktopEnabled
Prevent adding, dragging, dropping and closing the Taskbar's toolbarsEnabled
Prohibit User from manually redirecting Profile FoldersEnabled
Remove My Documents icon on the desktopEnabled
Remove Properties from the Computer icon context menuEnabled
Remove Properties from the Documents icon context menuEnabled
Remove Properties from the Recycle Bin context menuEnabled
Remove the Desktop Cleanup WizardEnabled
Microsoft Office 2016/Disable Items in User Interface
PolicySettingComment
Turn off screen clippingEnabled
Microsoft Outlook 2016/Outlook Options/Preferences/Calendar Options
PolicySettingComment
Disable Weather BarEnabled
Shared Folders
PolicySettingComment
Allow shared folders to be publishedDisabled
Start Menu and Taskbar
PolicySettingComment
Add Logoff to the Start MenuEnabled
Do not search communicationsEnabled
Prevent changes to Taskbar and Start Menu SettingsDisabled
Remove access to the context menus for the taskbarEnabled
Remove All Programs list from the Start menuEnabled
Choose one of the following actionsCollapse and disable setting
PolicySettingComment
Remove Balloon Tips on Start Menu itemsEnabled
Remove common program groups from Start MenuDisabled
Remove Default Programs link from the Start menu.Enabled
Remove Documents icon from Start MenuEnabled
Remove Downloads link from Start MenuEnabled
Remove Favorites menu from Start MenuEnabled
Remove Games link from Start MenuEnabled
Remove Help menu from Start MenuEnabled
Remove Homegroup link from Start MenuEnabled
Remove links and access to Windows UpdateEnabled
Remove Music icon from Start MenuEnabled
Remove Network Connections from Start MenuEnabled
Remove Network icon from Start MenuEnabled
Remove Pictures icon from Start MenuEnabled
Remove pinned programs from the TaskbarDisabled
Remove pinned programs list from the Start MenuDisabled
Remove Recent Items menu from Start MenuEnabled
Remove Recorded TV link from Start MenuEnabled
Remove Run menu from Start MenuEnabled
Remove Search Computer linkEnabled
Remove Search link from Start MenuEnabled
Remove See More Results / Search Everywhere linkEnabled
Remove the "Undock PC" button from the Start MenuEnabled
Remove the Meet Now iconEnabled
Remove the networking iconDisabled
Remove the People Bar from the taskbarEnabled
Remove the Security and Maintenance iconEnabled
Remove user folder link from Start MenuEnabled
Remove Videos link from Start MenuEnabled
Show "Run as different user" command on StartEnabled
Show QuickLaunch on TaskbarEnabled
Turn off all balloon notificationsEnabled
Turn off feature advertisement balloon notificationsEnabled
Turn off notification area cleanupDisabled
Turn off personalized menusEnabled
Start Menu and Taskbar/Notifications
PolicySettingComment
Turn off toast notifications on the lock screenEnabled
System
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?No
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
System/Ctrl+Alt+Del Options
PolicySettingComment
Remove Task ManagerEnabled
System/Driver Installation
PolicySettingComment
Turn off Windows Update device driver search promptEnabled
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Windows Components/Attachment Manager
PolicySettingComment
Default risk level for file attachmentsEnabled
Set the default risk levelLow Risk
PolicySettingComment
Do not preserve zone information in file attachmentsEnabled
Inclusion list for low file typesEnabled
Specify low risk extensions (include a leading period, e.g. .bmp;.gif;)..lnk
Windows Components/Cloud Content
PolicySettingComment
Do not suggest third-party content in Windows spotlightEnabled
Do not use diagnostic data for tailored experiencesEnabled
Turn off all Windows spotlight featuresEnabled
Turn off the Windows Welcome ExperienceEnabled
Turn off Windows Spotlight on Action CenterEnabled
Windows Components/File Explorer
PolicySettingComment
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbonEnabled
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict A, B, C and D drives only
PolicySettingComment
Hides the Manage item on the File Explorer context menuEnabled
No Computers Near Me in Network LocationsEnabled
No Entire Network in Network LocationsEnabled
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsRestrict A, B, C and D drives only
PolicySettingComment
Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
Remove CD Burning featuresEnabled
Remove DFS tabEnabled
Remove Search button from File ExplorerEnabled
Remove Security tabEnabled
Remove Shared Documents from My ComputerEnabled
Turn off caching of thumbnail picturesEnabled
Turn off Windows Key hotkeysEnabled
Turn on Classic ShellDisabled
Windows Components/File Explorer/Previous Versions
PolicySettingComment
Hide previous versions list for local filesEnabled
Hide previous versions list for remote filesEnabled
Hide previous versions of files on backup locationEnabled
Windows Components/Internet Explorer
PolicySettingComment
Disable changing Automatic Configuration settingsEnabled
Turn off tabbed browsingDisabled
Windows Components/Internet Explorer/Browser menus
PolicySettingComment
Tools menu: Disable Internet Options... menu optionEnabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Empty Temporary Internet Files folder when browser is closedEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Computer ManagementDisabled
Local Users and GroupsDisabled
ServicesDisabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\WindowsMovieMaker\MovieMaker1
Preferences
Windows Settings
Folders
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group1)
Group1 (Order: 1)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group1
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group2)
Group2 (Order: 2)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group2
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group3)
Group3 (Order: 3)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group3
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX)
WinX (Order: 4)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
{031E4825-7B94-4dc3-B131-E946B44C8DD5} (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 2)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 3)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DelegateSentItemsStyle (Order: 4)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Office\15.0\Outlook\Preferences
Value nameDelegateSentItemsStyle
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
NOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK (Order: 5)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings
Value nameNOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SearchboxTaskbarMode (Order: 6)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Search
Value nameSearchboxTaskbarMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ShowTaskViewButton (Order: 7)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value nameShowTaskViewButton
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Microsoft.QuickAction.ScreenClipping (Order: 8)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Quick Actions\Control Center\Unpinned
Value nameMicrosoft.QuickAction.ScreenClipping
Value typeREG_BINARY
Value data
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
PrintScreenKeyForSnippingEnabled (Order: 9)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Keyboard
Value namePrintScreenKeyForSnippingEnabled
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ScreenClipping.AppX4qm9f5mxaxadptn1dx5ecnnw9b9tddbz.mca (Order: 10)
General
ActionDelete
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Classes\Extensions\ContractId\Windows.Protocol\PackageId\MicrosoftWindows.Client.CBS_120.2212.4190.0_x64__cw5n1h2txyewy\ActivatableClassId\ScreenClipping.AppX4qm9f5mxaxadptn1dx5ecnnw9b9tddbz.mca
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
TaskbarDa (Order: 11)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value nameTaskbarDa
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
TaskbarMn (Order: 12)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value nameTaskbarMn
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SearchboxTaskbarMode (Order: 13)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Search
Value nameSearchboxTaskbarMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo