Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
EG-PO-WIN Direct access Client Setting
Data collected on: 2-9-2025 09:40:37
General
Details
DomainEMEA.TPG.ADS
OwnerS-1-5-21-513466819-3096973226-347852806-409962
Created15-3-2020 02:27:22
Modified9-2-2023 14:51:28
User Revisions5 (AD), 5 (SYSVOL)
Computer Revisions13 (AD), 13 (SYSVOL)
Unique ID{31c2454d-4c86-4828-aed1-8fb88af23925}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsNoDisabledemea.tpg.ads/EG/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\EG-G-ORG-DirectAccess Computers
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\EG-G-ORG-DirectAccess ComputersRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-409962Edit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
41.33.125.7341.33.125.7314-3-2025 19:44:29Server Authentication
DirectAccess-NLS.emea.tpg.adsDirectAccess-NLS.emea.tpg.ads14-3-2025 19:44:24Server Authentication

For additional information about individual settings, launch the Local Group Policy Object Editor.
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy version2.26
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptICMP
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Outbound Rules
NameDescription
Core Networking - IPHTTPS (TCP-Out)Outbound TCP rule to allow IPHTTPS tunneling technology to provide connectivity across HTTP proxies and firewalls.
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portIPTLSOut, IPHTTPSOut
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfilePrivate, Public
Network interface typeAll
Serviceiphlpsvc
GroupDirectAccess
Connection Security Settings
Rules
NameDescription
DirectAccess Policy-ClientToCorpSimplified
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
EnabledTrue
Authentication modeRequire inbound and outbound
Endpoint 1Any
Endpoint 2fdcc:9ad5:f6d6:1::/64, fdcc:9ad5:f6d6:7777::/96, fdcc:9ad5:f6d6:3333::1
Endpoint 1 portAny
Endpoint 2 portAny
First authentication{09A5736A-F97E-4427-8591-3C516544E5A8}
Second authentication{8FE01A29-0B72-4DDA-BF00-DE9DD7F1C35A}
Data protection{6664E94A-FEDB-4E49-97B2-E3D64A37C53A}
ProtocolAny
ProfilePrivate, Public
Tunnel endpoint 1Any
Tunnel endpoint 2Any
Network interface typeAny
DirectAccess Policy-ClientToDNS64NAT64PrefixExemption
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
EnabledTrue
Authentication modeDo not authenticate
Endpoint 1Any
Endpoint 2fdcc:9ad5:f6d6:7777::/96
Endpoint 1 portAny
Endpoint 2 portAny
ProtocolAny
ProfilePrivate, Public
Tunnel endpoint 1Any
Tunnel endpoint 2Any
Network interface typeAny
First Authentication
NameDescription
DirectAccess - Phase1 Authentication Set {09A5736A-F97E-4427-8591-3C516544E5A8}DirectAccess - Phase1 Authentication Set
Version2.26
AuthenticationComputer Kerberos
Second Authentication
NameDescription
DirectAccess - Phase2 Authentication Set {8FE01A29-0B72-4DDA-BF00-DE9DD7F1C35A}DirectAccess - Phase2 Authentication Set
Version2.26
AuthenticationUser Kerberos
Key Exchange (Main Mode)
NameDescription
Default setDirectAccess - Phase1 Crypto Set
Version2.26
Key lifetime in minutes480
Key lifetime in sessions0
Skip version2.0
Key exchange Diffie-Hellman Group 2
Encryption AES-128
IntegrityMD5
Skip version0.0
Key exchange Diffie-Hellman Group 2
Encryption AES-128
IntegritySHA-1
Skip version0.0
Key exchange Diffie-Hellman Group 2
Encryption 3DES
IntegritySHA-1
Data Protection (Quick Mode)
NameDescription
DirectAccess - Phase2 Crypto Set {6664E94A-FEDB-4E49-97B2-E3D64A37C53A}DirectAccess - Phase2 Crypto Set
Version2.26
Perfect forward secrecy Disabled
Skip version0.0
ProtocolESP
Encryption AES-192
ESP integritySHA-1
Key lifetime in minutes60
Key lifetime in kilobytes100000
Skip version0.0
ProtocolESP
Encryption AES-128
ESP integritySHA-1
Key lifetime in minutes60
Key lifetime in kilobytes100000
Name Resolution Policy
Global Settings
Advanced
Global Settings
PolicyValue
Network Location DependencyNot Configured
Query FailureAlways fall back to Link-Local Multicast Name Resolution (LLMNR) and NetBIOS if the name does not exist in DNS or if the DNS servers are unreachable when on a private network (moderate secure)
Query ResolutionNot Configured
Rule Settings
Namespace
DirectAccess-NLS.emea.tpg.ads
PolicyValue
NamespaceDirectAccess-NLS.emea.tpg.ads
Certification AuthorityEmpty
ConfigurationDirectAccess
DNSSEC (Validation)Not Configured
DNSSEC (IPsec)Not Configured
DNSSEC (IPsec Encryption)Not Configured
DirectAccess (IPsec)No
DirectAccess (IPsec Encryption)No encryption (integrity only)
DirectAccess (Proxy Settings)Use default
DirectAccess (Web Proxy)Empty
DirectAccess (DNS servers)Empty
Generic DNS ServersNot Configured
EncodingNot Configured
Version1
.tpg.ads
PolicyValue
Namespace.tpg.ads
Certification AuthorityEmpty
ConfigurationDirectAccess
DNSSEC (Validation)Not Configured
DNSSEC (IPsec)Not Configured
DNSSEC (IPsec Encryption)Not Configured
DirectAccess (IPsec)No
DirectAccess (IPsec Encryption)No encryption (integrity only)
DirectAccess (Proxy Settings)Do not use web proxy
DirectAccess (Web Proxy)Empty
DirectAccess (DNS servers)fdcc:9ad5:f6d6:7777::a7c:650c
Generic DNS ServersNot Configured
EncodingNot Configured
Version1
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/DirectAccess Client Experience Settings
PolicySettingComment
Corporate ResourcesEnabled
Corporate Resources
HTTP:http://directaccess-WebProbeHost.emea.tpg.ads
PolicySettingComment
Friendly NameEnabled
Friendly NameTeleperformance Egypt
PolicySettingComment
IPsec Tunnel EndpointsEnabled
DTEs
PING:fdcc:9ad5:f6d6:1000::1
PING:fdcc:9ad5:f6d6:1000::2
PolicySettingComment
Prefer Local Names AllowedEnabled
Support Email AddressEnabled
Support EmailIthelpdesk@eg.teleperformance.com
PolicySettingComment
User InterfaceEnabled
Network/Network Connectivity Status Indicator
PolicySettingComment
Specify corporate DNS probe host addressEnabled
Corporate DNS Probe Address:fdcc:9ad5:f6d6:7777::7f00:1
Specify the expected DNS address for the
corporate host name to probe.
Example:
2001:4898:28:3:38a1:c31:7b3d:bf0
PolicySettingComment
Specify corporate DNS probe host nameEnabled
Corporate DNS Probe Hostname:directaccess-corpConnectivityHost.emea.tpg.ads
Specify a corporate host name to resolve
to probe for corporate connectivity.
Example:
ncsi.corp.microsoft.com
PolicySettingComment
Specify corporate site prefix listEnabled
Corporate Site Prefix List:fdcc:9ad5:f6d6:1::/64,fdcc:9ad5:f6d6:7777::/96,fdcc:9ad5:f6d6:1000::1/128,fdcc:9ad5:f6d6:1000::2/128
Specify the list of corporate IPv6 site prefixes
to check for reachability to detect corporate
connectivity.
Syntax:
The list should be comma-separated with no
extra whitespace.
Example:
fe80::/9,fe81::/9
PolicySettingComment
Specify corporate Website probe URLEnabled
Corporate Website Probe URL:http://directaccess-WebProbeHost.emea.tpg.ads
Specify the URL of the corporate website to
use to probe for corporate connectivity.
Example:
http://ncsi.corp.microsoft.com/
PolicySettingComment
Specify domain location determination URLEnabled
Corporate Domain Location Determination URL:https://DirectAccess-NLS.emea.tpg.ads:62000/insideoutside
Specify the HTTPS URL of the corporate website to
use to determine inside or outside domain location.
Example:
https://nid.corp.microsoft.com/
Network/TCPIP Settings/IPv6 Transition Technologies
PolicySettingComment
Set IP-HTTPS StateEnabled
Enter the IPHTTPS Url:https://41.33.125.73:443/IPHTTPS
Select Interface state from the following options:Default State
System/Kerberos
PolicySettingComment
Disable revocation checking for the SSL certificate of KDC proxy serversEnabled
Specify KDC proxy servers for Kerberos clientsEnabled
Define KDC proxy servers settings: 
*<https 41.33.125.73 />
Syntax:
Enter the DNS suffix name as the Value Name.
DNS suffix name allows three formats with decreasing preference order:
Full Match: host.contoso.com
Suffix Match: .contoso.com
Default Match: *
Enter the proxy server names as the Value.
The proxy server names must be enclosed with tags <https />
To add multiple proxy server names, separate entries with a space or comma ","
Example:
Value Name: .contoso.com
Value: <https proxy1.contoso.com proxy2.contoso.com />
Another Example:
Value Name: *
Value: <https proxy.contoso.com />
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config\GlobalVersion{D1D40403-5864-4F6B-9D85-30CC14C3A78F}
SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config\SiteVersion{CA5F947E-2DED-44B1-93E2-A36720B94B83}
SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Config\TimeStamp20200315014906.083000+000
SOFTWARE\Policies\Microsoft\Windows\Tcpip\v6Transition\IPHTTPS\iphttpsinterface\InterfaceRole0
SOFTWARE\Policies\Microsoft\Windows\Tcpip\v6Transition\IPHTTPS\iphttpsinterface\IPHTTPS_NoRevocationCheck1
SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\SMB1NATCompatibilityLevel1
User Configuration (Enabled)
No settings defined.