Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
DE-PO-WIN-C-Computer Settings VDI
Data collected on: 2-9-2025 09:10:53
General
Details
Domainemea.tpg.ads
OwnerEMEA\Domain Admins
Created6-2-2018 11:46:36
Modified9-2-2023 14:46:54
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions78 (AD), 78 (SYSVOL)
Unique ID{710c5c94-706f-42a2-ab03-f39eb738fefe}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
VDINoEnabledemea.tpg.ads/DE/Systems/Clients/VDI

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
S-1-5-21-513466819-3096973226-347852806-572620
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\DE-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-572620Read (from Security Filtering)No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Allow log on through Terminal ServicesEMEA\Domain Admins, EMEA\DE-L-SEC-Delegation Remote Desktop Access
Deny log on locallyEMEA\DE-L-SEC-Local logon denied on Client Systems
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Guest account statusDisabled
Accounts: Rename administrator account"adonis"
Accounts: Rename guest account"gaston"
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireEnabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Event Log
PolicySetting
Maximum application log size3072000 kilobytes
Maximum security log size3072000 kilobytes
Maximum system log size3072000 kilobytes
System Services
Browser (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Registry (Startup Mode: Automatic)
Permissions
TypeNamePermission
AllowBUILTIN\AdministratorsFull Control
AllowNT AUTHORITY\SYSTEMFull Control
AllowNT AUTHORITY\INTERACTIVERead
Auditing
TypeNameAccess
FailureEveryoneFull Control
Shell Hardware Detection (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Telephony (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%ProgramFiles% (x86)\VERA Client
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%ProgramFiles%\VERA Client
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Public Key Policies/Certificate Path Validation Settings/Trusted Publishers
PolicySetting
Trusted Publishers can be managed by:All administrators and users
Verify that certificate is not revoked when addingDisabled
Verify that certificate has a valid time stamp when addingDisabled
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified16-3-2012 14:17:45
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified16-3-2012 14:17:45
C:\Program Files\MSN Gaming Zone\
Security LevelDisallowed
DescriptionMSN Games
Date last modified16-3-2012 14:24:46
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/Offline Files
PolicySettingComment
Allow or Disallow use of the Offline Files featureDisabled
Prevent use of Offline Files folderEnabled
Prohibit user configuration of Offline FilesEnabled
Prevents users from changing any cache configuration settings.
PolicySettingComment
Remove "Make Available Offline" commandEnabled
Synchronize all offline files before logging offDisabled
Synchronize all offline files when logging onDisabled
Synchronize offline files before suspendDisabled
VMware Blast
PolicySettingComment
Configure clipboard redirectionEnabled
Configure clipboard redirectionDisabled in both directions
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require use of specific security layer for remote (RDP) connectionsEnabled
Security LayerSSL
Choose the security layer from the drop-down list.
PolicySettingComment
Require user authentication for remote connections by using Network Level AuthenticationEnabled
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
Windows Components/Windows Update/Manage end user experience
PolicySettingComment
Remove access to use all Windows Update featuresEnabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\Windows\WindowsUpdate\ManagePreviewBuilds1
Software\Policies\Microsoft\Windows\WindowsUpdate\ManagePreviewBuildsPolicyValue0
Software\Policies\Mozilla\lockPref\security.enable_ssl30
Software\Policies\Mozilla\lockPref\security.enable_tls1
Preferences
Windows Settings
Files
File (Target Path: C:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config)
security.config (Order: 1)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework v2\security.config
Destination fileC:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework\v4.0.30319\Config\security.config)
security.config (Order: 2)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\FrameWork V4\security.config
Destination fileC:\windows\Microsoft.NET\Framework\v4.0.30319\Config\security.config
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config)
security.config (Order: 3)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework x64 V2\security.config
Destination fileC:\windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config\security.config)
security.config (Order: 4)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework x64 V4\security.config
Destination fileC:\windows\Microsoft.NET\Framework64\v4.0.30319\Config\security.config
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch)
security.config.cch (Order: 5)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework v2\security.config.cch
Destination fileC:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework\v4.0.30319\Config\security.config.cch)
security.config.cch (Order: 6)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\FrameWork V4\security.config.cch
Destination fileC:\windows\Microsoft.NET\Framework\v4.0.30319\Config\security.config.cch
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch)
security.config.cch (Order: 7)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework x64 V2\security.config.cch
Destination fileC:\windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\windows\Microsoft.NET\Framework64\v4.0.30319\Config\security.config.cch)
security.config.cch (Order: 8)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{710C5C94-706F-42A2-AB03-F39EB738FEFE}\Framework x64 V4\security.config.cch
Destination fileC:\windows\Microsoft.NET\Framework64\v4.0.30319\Config\security.config.cch
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
DisabledByDefault (Order: 1)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Item-level targeting: Operating System
AttributeValue
boolAND
not0
classNT
versionWIN7
typeNE
editionNE
spNE
DisabledByDefault (Order: 2)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Item-level targeting: Operating System
AttributeValue
boolAND
not0
classNT
versionWIN7
typeNE
editionNE
spNE
DisabledByDefault (Order: 3)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Item-level targeting: Operating System
AttributeValue
boolAND
not0
classNT
versionWIN7
typeNE
editionNE
spNE
DisabledByDefault (Order: 4)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
Value nameDisabledByDefault
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Item-level targeting: Operating System
AttributeValue
boolAND
not0
classNT
versionWIN7
typeNE
editionNE
spNE
InitialKeyboardIndicators (Order: 5)
General
ActionReplace
Properties
HiveHKEY_USERS
Key path.DEFAULT\Control Panel\Keyboard
Value nameInitialKeyboardIndicators
Value typeREG_SZ
Value data2
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
InitialKeyboardIndicators (Order: 6)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER (HKU\.DEFAULT)
Key pathControl Panel\Keyboard
Value nameInitialKeyboardIndicators
Value typeREG_SZ
Value data2
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
EnableIEHosting (Order: 7)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\.NETFramework
Value nameEnableIEHosting
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
EnableIEHosting (Order: 8)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\.NETFramework
Value nameEnableIEHosting
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
NoAutoUpdate (Order: 9)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSoftware\Policies\Microsoft\Windows\WindowsUpdate\AU
Value nameNoAutoUpdate
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
User Configuration (Disabled)
No settings defined.