Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
Default Domain Policy
Data collected on: 2-9-2025 08:43:41
General
Details
Domainemea.tpg.ads
OwnerEMEA\Domain Admins
Created8-6-2010 23:54:22
Modified9-2-2023 14:44:04
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions126 (AD), 126 (SYSVOL)
Unique ID{31b2f340-016d-11d2-945f-00c04fb984f9}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
emeaNoEnabledemea.tpg.ads
LaptopsNoEnabledemea.tpg.ads/BE/Systems/Clients/Laptops
CitrixBNLNoEnabledemea.tpg.ads/NL/Systems/CitrixBNL
LaptopsNoEnabledemea.tpg.ads/NL/Systems/Clients/Laptops
LaptopsNoEnabledemea.tpg.ads/SR/Systems/Clients/Laptops

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\EMEA-L-SEC-Delegation RSOP AccessReadNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-203252ReadNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history24 passwords remembered
Maximum password age60 days
Minimum password age1 days
Minimum password length12 characters
Password must meet complexity requirementsEnabled
Store passwords using reversible encryptionDisabled
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration30 minutes
Account lockout threshold6 invalid logon attempts
Reset account lockout counter after30 minutes
Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictionsEnabled
Maximum lifetime for service ticket600 minutes
Maximum lifetime for user ticket10 hours
Maximum lifetime for user ticket renewal7 days
Maximum tolerance for computer clock synchronization5 minutes
Local Policies/Security Options
Interactive Logon
PolicySetting
Interactive logon: Prompt user to change password before expiration14 days
Network Access
PolicySetting
Network access: Allow anonymous SID/Name translationDisabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireDisabled
Public Key Policies/Certificate Services Client - Auto-Enrollment Settings
PolicySetting
Automatic certificate managementEnabled
OptionSetting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificatesEnabled
Update and manage certificates that use certificate templates from Active DirectoryEnabled
Public Key Policies/Encrypting File System
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
administratoradministrator17-5-2110 19:18:43File Recovery

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
VeriSign Universal Root Certification AuthorityVeriSign Universal Root Certification Authority2-12-2037 00:59:59<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Publishers Certificates
Issued ToIssued ByExpiration DateIntended Purposes
DEFFMWSUS01.EMEA.TPG.ADSEMEA Subordinate CA7-9-2019 11:52:28Code Signing
FRPARWSUS01.EMEA.TPG.ADSEMEA Subordinate CA7-9-2019 11:45:38Code Signing

For additional information about individual settings, launch the Local Group Policy Object Editor.
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/Network Provider
PolicySettingComment
Hardened UNC PathsEnabled
Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.
Hardened UNC Paths: 
\\*\NETLOGONRequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOLRequireMutualAuthentication=1, RequireIntegrity=1
You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.
System/Net Logon/DC Locator DNS Records
PolicySettingComment
Try Next Closest SiteEnabled
Preferences
Windows Settings
Registry
MaxTokenSize (Order: 1)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value nameMaxTokenSize
Value typeREG_DWORD
Value data0xBB80 (48000)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.