Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
EG-PO-ADM-C-CIS
Data collected on: 2-9-2025 09:21:18
General
Details
Domainemea.tpg.ads
OwnerEMEA\ygalal.5
Created12-12-2018 10:48:00
Modified31-10-2023 14:32:34
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions112 (AD), 112 (SYSVOL)
Unique ID{2cf9658b-75a0-443c-8e0a-5389675006d5}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ServersYesEnabledemea.tpg.ads/EG/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\EG-L-SEC-Servers Computers policies CIS
EMEA\EG-L-SEC-Servers Policies
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\EG-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\EG-L-SEC-Servers Computers policies CISRead (from Security Filtering)No
EMEA\EG-L-SEC-Servers PoliciesRead (from Security Filtering)No
EMEA\ygalal.5Edit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Limit local account use of blank passwords to console logon onlyDisabled
Network Access
PolicySetting
Network access: Let Everyone permissions apply to anonymous usersEnabled
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/DNS Client
PolicySettingComment
Turn off multicast name resolutionEnabled
Network/Fonts
PolicySettingComment
Enable Font ProvidersDisabled
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Lanman Workstation
PolicySettingComment
Enable insecure guest logonsDisabled
Network/Link-Layer Topology Discovery
PolicySettingComment
Turn on Mapper I/O (LLTDIO) driverDisabled
Turn on Responder (RSPNDR) driverDisabled
Network/Microsoft Peer-to-Peer Networking Services
PolicySettingComment
Turn off Microsoft Peer-to-Peer Networking ServicesEnabled
Network/Network Connections
PolicySettingComment
Prohibit use of Internet Connection Sharing on your DNS domain networkEnabled
Require domain users to elevate when setting a network's locationEnabled
Network/Network Provider
PolicySettingComment
Hardened UNC PathsEnabled
Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.
Hardened UNC Paths: 
\\segca070.teleperformance.com.eg\*RequireMutualAuthentication=1, RequireIntegrity=1
\\*\NETLOGONRequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOLRequireMutualAuthentication=1, RequireIntegrity=1
\\egcaifs01.emea.tpg.ads\*RequireMutualAuthentication=1, RequireIntegrity=1
\\egagzfs01.emea.tpg.ads\*RequireMutualAuthentication=1, RequireIntegrity=1
You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.
Network/Windows Connect Now
PolicySettingComment
Configuration of wireless settings using Windows Connect NowDisabled
Prohibit access of the Windows Connect Now wizardsEnabled
Network/Windows Connection Manager
PolicySettingComment
Minimize the number of simultaneous connections to the Internet or a Windows DomainEnabled
Minimize Policy Options1 = Minimize simultaneous connections
System/Audit Process Creation
PolicySettingComment
Include command line in process creation eventsDisabled
System/Credentials Delegation
PolicySettingComment
Remote host allows delegation of non-exportable credentialsEnabled
System/Early Launch Antimalware
PolicySettingComment
Boot-Start Driver Initialization PolicyEnabled
Choose the boot-start drivers that can be initialized:Good, unknown and bad but critical
System/Group Policy
PolicySettingComment
Configure registry policy processingEnabled
Do not apply during periodic background processingDisabled
Process even if the Group Policy objects have not changedEnabled
PolicySettingComment
Continue experiences on this deviceDisabled
Turn off background refresh of Group PolicyDisabled
System/Kerberos
PolicySettingComment
Support device authentication using certificateEnabled
Device authentication behavior using certificate:Automatic
System/Locale Services
PolicySettingComment
Disallow copying of user input methods to the system account for sign-inEnabled
System/Logon
PolicySettingComment
Do not enumerate connected users on domain-joined computersEnabled
Enumerate local users on domain-joined computersEnabled
Turn off app notifications on the lock screenEnabled
Turn off picture password sign-inEnabled
Turn on convenience PIN sign-inEnabled
System/Mitigation Options
PolicySettingComment
Untrusted Font BlockingEnabled
Mitigation OptionsBlock untrusted fonts and log events
System/Power Management/Sleep Settings
PolicySettingComment
Require a password when a computer wakes (on battery)Enabled
Require a password when a computer wakes (plugged in)Enabled
System/Remote Assistance
PolicySettingComment
Configure Offer Remote AssistanceDisabled
Configure Solicited Remote AssistanceDisabled
System/Troubleshooting and Diagnostics/Microsoft Support Diagnostic Tool
PolicySettingComment
Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support providerDisabled
System/Troubleshooting and Diagnostics/Windows Performance PerfTrack
PolicySettingComment
Enable/Disable PerfTrackDisabled
System/User Profiles
PolicySettingComment
Turn off the advertising IDEnabled
Windows Components/App Package Deployment
PolicySettingComment
Allow a Windows app to share application data between usersDisabled
Windows Components/App runtime
PolicySettingComment
Allow Microsoft accounts to be optionalEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Disallow Autoplay for non-volume devicesEnabled
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Biometrics/Facial Features
PolicySettingComment
Configure enhanced anti-spoofingEnabled
Windows Components/Camera
PolicySettingComment
Allow Use of CameraDisabled
Windows Components/Cloud Content
PolicySettingComment
Turn off Microsoft consumer experiencesEnabled
Windows Components/Connect
PolicySettingComment
Require pin for pairingEnabled
Choose one of the following actions 
Windows Components/Credential User Interface
PolicySettingComment
Do not display the password reveal buttonEnabled
Enumerate administrator accounts on elevationDisabled
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow Diagnostic DataEnabled
Send required diagnostic data
PolicySettingComment
Configure Authenticated Proxy usage for the Connected User Experience and Telemetry serviceEnabled
 
PolicySettingComment
Do not show feedback notificationsEnabled
Toggle user control over Insider buildsDisabled
Windows Components/File Explorer
PolicySettingComment
Turn off Data Execution Prevention for ExplorerDisabled
Turn off heap termination on corruptionDisabled
Turn off shell protocol protected modeDisabled
Windows Components/Location and Sensors
PolicySettingComment
Turn off locationEnabled
Windows Components/Messaging
PolicySettingComment
Allow Message Service Cloud SyncDisabled
Windows Components/Microsoft account
PolicySettingComment
Block all consumer Microsoft account user authenticationEnabled
Windows Components/Microsoft Defender Antivirus/MAPS
PolicySettingComment
Configure local setting override for reporting to Microsoft MAPSDisabled
Join Microsoft MAPSDisabled
Windows Components/OneDrive
PolicySettingComment
Prevent the usage of OneDrive for file storageEnabled
Windows Components/RSS Feeds
PolicySettingComment
Prevent downloading of enclosuresEnabled
Windows Components/Search
PolicySettingComment
Allow Cloud SearchEnabled
Cloud Search SettingDisable Cloud Search
PolicySettingComment
Allow indexing of encrypted filesDisabled
Windows Components/Software Protection Platform
PolicySettingComment
Turn off KMS Client Online AVS ValidationEnabled
Windows Components/Windows Ink Workspace
PolicySettingComment
Allow suggested apps in Windows Ink WorkspaceDisabled
Allow Windows Ink WorkspaceDisabled
Windows Components/Windows Installer
PolicySettingComment
Allow user control over installsDisabled
Prevent Internet Explorer security prompt for Windows Installer scriptsDisabled
Windows Components/Windows PowerShell
PolicySettingComment
Turn on PowerShell Script Block LoggingDisabled
Turn on PowerShell TranscriptionDisabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\Windows\PreviewBuilds\EnableConfigFlighting0
Preferences
Windows Settings
Registry
FeatureSettingsOverride (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x48 (72)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.