Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
BNL-PO-WIN-ADM-U-User Laptop WFM Restriction and Hardening
Data collected on: 2-9-2025 10:51:33
General
Details
Domainemea.tpg.ads
OwnerEMEA\langras.5-adm
Created18-10-2022 09:09:08
Modified21-3-2023 08:56:58
User Revisions53 (AD), 53 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{747e215f-752e-4d62-b733-aca18799620b}
GPO StatusComputer settings disabled
Links
LocationEnforcedLink StatusPath
None

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
None
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\langras.5-admEdit settings, delete, modify securityNo
EMEA\NL-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Disabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified4-11-2022 15:30:25
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified4-11-2022 15:30:25
c:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe
Security LevelDisallowed
Descriptiondisallow paint, other version
Date last modified4-11-2022 15:30:35
c:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe
Security LevelDisallowed
DescriptionDisallow use of Paint
Date last modified4-11-2022 15:30:42
c:\Program Files\WindowsApps\Microsoft.ScreenSketch*
Security LevelDisallowed
Descriptiondisallow Snip and Sketch
Date last modified4-11-2022 15:30:59
c:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
Security LevelDisallowed
Descriptiondisallow windows security
Date last modified4-11-2022 15:31:08
firefox.exe
Security LevelDisallowed
Descriptiondisallow firefox
Date last modified4-11-2022 15:31:14
greenshot.exe
Security LevelDisallowed
Descriptiongreenshot.exe
Date last modified4-11-2022 15:34:39
Microsoft.Photos.exe
Security LevelDisallowed
DescriptionDisallow "Photos" and "Video's" Win10 UWP apps
Date last modified4-11-2022 15:31:30
mspaint.exe
Security LevelDisallowed
DescriptionBlock mspaint for all GESCP users
Date last modified4-11-2022 15:31:42
notepad.exe
Security LevelDisallowed
Descriptiondisallow notepad.exe
Date last modified4-11-2022 15:31:52
paint.exe
Security LevelDisallowed
DescriptionDisallow paint.exe
Date last modified4-11-2022 15:32:00
PaintStudio.View.exe
Security LevelDisallowed
DescriptionDisallow Paint3d
Date last modified4-11-2022 15:32:06
ScreenSketch.exe
Security LevelDisallowed
Descriptiondisallow screensketch
Date last modified4-11-2022 15:32:13
services.msc
Security LevelDisallowed
Descriptiondisallow services.msc
Date last modified4-11-2022 15:32:19
snippingtool.exe
Security LevelDisallowed
Descriptiondisallow snipping tool
Date last modified4-11-2022 15:32:26
wmplayer.exe
Security LevelDisallowed
DescriptionDisalllow Windows Media Player to run
Date last modified4-11-2022 15:32:34
wordpad.exe
Security LevelDisallowed
Descriptiondisallow wordpad.exe
Date last modified4-11-2022 15:32:42
Folder Redirection
Start Menu
Setting: Not configured
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Settings Page VisibilityEnabled
Settings Page Visibility:showonly:mousetouchpad;display;regionformatting;easeofaccess;keyboard;sound;network-proxy
PolicySettingComment
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.RegionAndLanguage
Microsoft.Mouse
Intl.cpl
Main.cpl
Desk.cpl
Microsoft.Display
Mail
mlcfg32.cpl
Control Panel/Personalization
PolicySettingComment
Force a specific visual style file or force Windows ClassicEnabled
Path to Visual Style:
To select Aero type:
%windir%\resources\Themes\Aero\aero.msstyles
To select a different visual style, type:
ie: \\<server>\share\Corp.msstyles
To select Windows Classic, leave the box
above blank and enable this setting
PolicySettingComment
Prevent changing desktop backgroundEnabled
Control Panel/Printers
PolicySettingComment
Point and Print RestrictionsDisabled
Desktop
PolicySettingComment
Do not add shares of recently opened documents to Network LocationsEnabled
Hide and disable all items on the desktopEnabled
Hide Network Locations icon on desktopEnabled
Prevent adding, dragging, dropping and closing the Taskbar's toolbarsEnabled
Prohibit User from manually redirecting Profile FoldersEnabled
Remove My Documents icon on the desktopEnabled
Remove Properties from the Computer icon context menuEnabled
Remove Properties from the Documents icon context menuEnabled
Remove Properties from the Recycle Bin context menuEnabled
Remove the Desktop Cleanup WizardEnabled
Microsoft Office 2016/Disable Items in User Interface
PolicySettingComment
Turn off screen clippingEnabled
Microsoft Outlook 2016/Outlook Options/Preferences/Calendar Options
PolicySettingComment
Disable Weather BarEnabled
Shared Folders
PolicySettingComment
Allow shared folders to be publishedDisabled
Start Menu and Taskbar
PolicySettingComment
Add Logoff to the Start MenuEnabled
Do not search communicationsEnabled
Hide the notification areaDisabled
Prevent users from customizing their Start ScreenDisabled
Remove access to the context menus for the taskbarEnabled
Remove Balloon Tips on Start Menu itemsEnabled
Remove common program groups from Start MenuDisabled
Remove Default Programs link from the Start menu.Enabled
Remove Documents icon from Start MenuEnabled
Remove Downloads link from Start MenuEnabled
Remove Favorites menu from Start MenuEnabled
Remove Games link from Start MenuEnabled
Remove Help menu from Start MenuEnabled
Remove Homegroup link from Start MenuEnabled
Remove links and access to Windows UpdateEnabled
Remove Music icon from Start MenuEnabled
Remove Network Connections from Start MenuEnabled
Remove Network icon from Start MenuEnabled
Remove Notifications and Action CenterEnabled
Remove Pictures icon from Start MenuEnabled
Remove pinned programs from the TaskbarDisabled
Remove pinned programs list from the Start MenuDisabled
Remove Recent Items menu from Start MenuEnabled
Remove Recorded TV link from Start MenuEnabled
Remove Run menu from Start MenuEnabled
Remove Search Computer linkEnabled
Remove Search link from Start MenuEnabled
Remove See More Results / Search Everywhere linkEnabled
Remove the "Undock PC" button from the Start MenuEnabled
Remove the networking iconDisabled
Remove the People Bar from the taskbarEnabled
Remove the Security and Maintenance iconEnabled
Remove user folder link from Start MenuEnabled
Remove Videos link from Start MenuEnabled
Show QuickLaunch on TaskbarEnabled
Turn off all balloon notificationsEnabled
Turn off feature advertisement balloon notificationsEnabled
Turn off notification area cleanupEnabled
Turn off personalized menusEnabled
System
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?No
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
System/Ctrl+Alt+Del Options
PolicySettingComment
Remove Task ManagerEnabled
System/Driver Installation
PolicySettingComment
Turn off Windows Update device driver search promptEnabled
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Windows Components/Attachment Manager
PolicySettingComment
Default risk level for file attachmentsEnabled
Set the default risk levelLow Risk
PolicySettingComment
Do not preserve zone information in file attachmentsEnabled
Inclusion list for low file typesEnabled
Specify low risk extensions (include a leading period, e.g. .bmp;.gif;)..lnk
Windows Components/Cloud Content
PolicySettingComment
Do not suggest third-party content in Windows spotlightEnabled
Do not use diagnostic data for tailored experiencesEnabled
Turn off all Windows spotlight featuresEnabled
Turn off the Windows Welcome ExperienceEnabled
Turn off Windows Spotlight on Action CenterEnabled
Windows Components/File Explorer
PolicySettingComment
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbonEnabled
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict A, B, C and D drives only
PolicySettingComment
Hides the Manage item on the File Explorer context menuEnabled
No Computers Near Me in Network LocationsEnabled
No Entire Network in Network LocationsEnabled
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsRestrict A, B, C and D drives only
PolicySettingComment
Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
Remove CD Burning featuresEnabled
Remove DFS tabEnabled
Remove Search button from File ExplorerEnabled
Remove Security tabEnabled
Remove Shared Documents from My ComputerEnabled
Turn off caching of thumbnail picturesEnabled
Turn off Windows Key hotkeysEnabled
Turn on Classic ShellDisabled
Windows Components/File Explorer/Previous Versions
PolicySettingComment
Hide previous versions list for local filesEnabled
Hide previous versions list for remote filesEnabled
Hide previous versions of files on backup locationEnabled
Windows Components/Internet Explorer
PolicySettingComment
Disable changing Automatic Configuration settingsEnabled
Turn off tabbed browsingDisabled
Windows Components/Internet Explorer/Browser menus
PolicySettingComment
Tools menu: Disable Internet Options... menu optionEnabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Empty Temporary Internet Files folder when browser is closedEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Computer ManagementDisabled
Local Users and GroupsDisabled
ServicesDisabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\WindowsMovieMaker\MovieMaker1
Preferences
Windows Settings
Folders
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group1)
Group1 (Order: 1)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group1
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group2)
Group2 (Order: 2)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group2
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX\Group3)
Group3 (Order: 3)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX\Group3
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %userprofile%\AppData\Local\Microsoft\Windows\WinX)
WinX (Order: 4)
General
ActionUpdate
Attributes
Path%userprofile%\AppData\Local\Microsoft\Windows\WinX
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
{031E4825-7B94-4dc3-B131-E946B44C8DD5} (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 2)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 3)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DelegateSentItemsStyle (Order: 4)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Office\15.0\Outlook\Preferences
Value nameDelegateSentItemsStyle
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
NOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK (Order: 5)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings
Value nameNOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SearchboxTaskbarMode (Order: 6)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Search
Value nameSearchboxTaskbarMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ShowTaskViewButton (Order: 7)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value nameShowTaskViewButton
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Microsoft.QuickAction.ScreenClipping (Order: 8)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Quick Actions\Control Center\Unpinned
Value nameMicrosoft.QuickAction.ScreenClipping
Value typeREG_BINARY
Value data
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo