Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
CZ-PO-WIN-C-Operators Workstations Restriction
Data collected on: 2-9-2025 09:20:58
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-473619
Created3-12-2018 15:06:40
Modified13-2-2025 15:43:24
User Revisions19 (AD), 19 (SYSVOL)
Computer Revisions113 (AD), 113 (SYSVOL)
Unique ID{05ee252c-9bb1-4ee5-9257-f37e3b1c2a48}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ProductionNoEnabledemea.tpg.ads/CZ/Systems/Clients/BRQ/Production
ProductionNoEnabledemea.tpg.ads/CZ/Systems/Clients/HKR/Production
ProductionNoEnabledemea.tpg.ads/CZ/Systems/Clients/HOD/Production
ProductionYesEnabledemea.tpg.ads/CZ/Systems/Clients/PRB/Production
ProductionNoEnabledemea.tpg.ads/CZ/Systems/Clients/PRG/Production

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\CZ-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\Domain AdminsEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-473619Edit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Scripts
Startup
For this GPO, Script order: Not configured
NameParameters
LogON.ps1
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Deny log on locallyEMEA\CZ-G-ORG-ServiceAccounts
Deny log on through Terminal ServicesEMEA\CZ-G-ORG-ServiceAccounts
File System
%ProgramFiles% (x86)\ScreenMeetApp
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\HelpPane.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\winhlp32.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified21-11-2023 16:04:22
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified21-11-2023 16:04:22
%programfiles%\WindowsApps\Microsoft.WindowsStore*
Security LevelDisallowed
Description
Date last modified21-11-2023 16:05:14
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Settings Page VisibilityEnabledhttps://www.windowscentral.com/how-hide-settings-pages-windows-10-creators-update
Settings Page Visibility:showonly:display;mousetouchpad;regionlanguage;sound
Google/Google Update/Applications/Google Chrome
PolicySettingComment
Allow installationEnabled
PolicyAlways allow Installs (recommended)
PolicySettingComment
Update policy overrideEnabled
PolicyAlways allow updates (recommended)
Mozilla/Firefox
PolicySettingComment
Application AutoupdateEnabled
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
Floppy Drives: Deny execute accessEnabled
Floppy Drives: Deny read accessEnabled
Floppy Drives: Deny write accessEnabled
Removable Disks: Deny execute accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
WPD Devices: Deny read accessEnabled
WPD Devices: Deny write accessEnabled
System/User Profiles
PolicySettingComment
Delete cached copies of roaming profilesEnabled
Windows Components/File Explorer
PolicySettingComment
Set a default associations configuration fileEnabled
Default Associations Configuration File\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{05EE252C-9BB1-4EE5-9257-F37E3B1C2A48}\Machine\AssociationsOPE.xml
Windows Components/Game Explorer
PolicySettingComment
Turn off downloading of game informationEnabled
Turn off game updatesEnabled
Windows Components/Internet Explorer/Compatibility View
PolicySettingComment
Use Policy List of Internet Explorer 7 sitesEnabled
List of sites
tesco.org
Windows Components/OneDrive
PolicySettingComment
Prevent the usage of OneDrive for file storageEnabled
Windows Components/RSS Feeds
PolicySettingComment
Turn off background synchronization for feeds and Web SlicesEnabled
Windows Components/Search
PolicySettingComment
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Don't search the web or display web results in Search over metered connectionsEnabled
Windows Components/Store
PolicySettingComment
Disable all apps from Microsoft Store Enabled
Turn off Automatic Download and Install of updatesEnabled
Turn off the Store applicationEnabled
Windows Components/Windows Error Reporting
PolicySettingComment
Disable Windows Error ReportingEnabled
Windows Components/Windows Mail
PolicySettingComment
Turn off the communities featuresEnabled
Turn off Windows Mail applicationEnabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Windows Components/Windows SideShow
PolicySettingComment
Turn off Windows SideShowEnabled
Preferences
Windows Settings
Files
File (Target Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mapa znaku.lnk)
Mapa znaku.lnk (Order: 1)
General
ActionUpdate
Properties
Source file(s)\\emea.tpg.ads\SysVol\emea.tpg.ads\Policies\{05EE252C-9BB1-4EE5-9257-F37E3B1C2A48}\Machine\Mapa znaku.lnk
Destination fileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mapa znaku.lnk
Suppress errors on individual file actionsEnabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folders
Folder (Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools)
Administrative Tools (Order: 1)
General
ActionDelete
Attributes
PathC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Disabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersDisabled
Ignore errors for files/folders that cannot be deletedEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Folder (Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories)
Accessories (Order: 2)
General
ActionDelete
Attributes
PathC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Enabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersEnabled
Ignore errors for files/folders that cannot be deletedEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry
DisableFileSyncNGSC (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive
Value nameDisableFileSyncNGSC
Value typeREG_SZ
Value data1
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Services
Service (Name: wlansrv)
wlansrv (Order: 1)
General
Service namewlansrv
ActionStop service
Startup type:Automatic
Wait timeout if service is locked:30 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Start Menu and Taskbar
PolicySettingComment
Remove Run menu from Start MenuEnabled
Preferences
Windows Settings
Folders
Folder (Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell)
Windows PowerShell (Order: 1)
General
ActionDelete
Attributes
PathC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Enabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersEnabled
Ignore errors for files/folders that cannot be deletedEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo