Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
DACH-PO-WIN-Default Security Settings for Server
Data collected on: 2-9-2025 09:15:49
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-242371
Created3-8-2018 11:09:44
Modified18-4-2024 14:32:48
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions374 (AD), 374 (SYSVOL)
Unique ID{f75bfb94-4052-4552-8f4c-0bc482788af1}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/BA/Systems/Servers
ServersNoEnabledemea.tpg.ads/CH/Systems/Servers
ServersNoEnabledemea.tpg.ads/DE/Systems/Servers
ServersNoEnabledemea.tpg.ads/MK/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\BA-L-SEC-Default Server Security Settings
EMEA\CH-L-SEC-Default Security Settings for Server
EMEA\DACH-L-SEC-Default Security Settings for Server
EMEA\MK-L-SEC-Default Server Security Settings
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\BA-L-SEC-Default Server Security SettingsRead (from Security Filtering)No
EMEA\CH-L-SEC-Default Security Settings for ServerRead (from Security Filtering)No
EMEA\DACH-L-SEC-Default Security Settings for ServerRead (from Security Filtering)No
EMEA\DE-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\MK-L-SEC-Default Server Security SettingsRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkNT AUTHORITY\Authenticated Users, BUILTIN\Administrators
Adjust memory quotas for a processNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators
Allow log on locallyBUILTIN\Backup Operators, BUILTIN\Administrators
Allow log on through Terminal ServicesBUILTIN\Administrators
Change the system timeNT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators
Create a pagefileBUILTIN\Administrators
Force shutdown from a remote systemBUILTIN\Administrators
Generate security auditsNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE
Increase scheduling priorityBUILTIN\Administrators
Load and unload device driversBUILTIN\Administrators
Lock pages in memory
Manage auditing and security logBUILTIN\Administrators
Modify firmware environment valuesBUILTIN\Administrators
Perform volume maintenance tasksBUILTIN\Administrators
Profile single processBUILTIN\Administrators
Profile system performanceNT SERVICE\WdiServiceHost, BUILTIN\Administrators
Remove computer from docking stationBUILTIN\Administrators
Restore files and directoriesBUILTIN\Backup Operators, BUILTIN\Administrators
Shut down the systemBUILTIN\Administrators
Take ownership of files or other objectsBUILTIN\Administrators
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Domain Controller
PolicySetting
Domain controller: LDAP server signing requirementsRequire signing
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Enabled
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Domain member: Disable machine account password changesDisabled
Domain member: Require strong (Windows 2000 or later) session keyEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Number of previous logons to cache (in case domain controller is not available)0 logons
Interactive logon: Require Domain Controller authentication to unlock workstationEnabled
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Allow anonymous SID/Name translationDisabled
Network access: Do not allow anonymous enumeration of SAM accountsEnabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Do not allow storage of passwords and credentials for network authenticationEnabled
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Network security: LDAP client signing requirementsRequire signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) serversEnabled
Require NTLMv2 session securityEnabled
Require 128-bit encryptionEnabled
System Cryptography
PolicySetting
System cryptography: Force strong key protection for user keys stored on the computerUser is prompted when the key is first used
Preferences
Windows Settings
Registry
Collection: Security Updates for Internet Explorer (June 2017) (104892)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: iexplore.exe
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: iexplore.exe
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow) (111688)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverride
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: FeatureSettingsOverrideMask
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverrideMask
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE) (78447)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: Enabled
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Value nameEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: Enabled
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
Value nameEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: iexplore.exe
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: iexplore.exe
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: Windows Speculative Execution Configuration Check
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverride
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x2048 (8264)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: FeatureSettingsOverrideMask
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverrideMask
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: Disabling TLS 1.0 / CO 326817
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: Enabled
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
Value nameEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: DisabledByDefault
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: Enabled
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
Value nameEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry item: DisabledByDefault
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Collection: Microsoft Windows LM / NTLMv1 Authentication Enabled / CO 343773
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: LmCompatibilityLevel
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Lsa
Value nameLmCompatibilityLevel
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.