Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
ES-PO-WIN-ADM-C-Restrictions GISP Servers
Data collected on: 2-9-2025 12:55:49
General
Details
Domainemea.tpg.ads
OwnerEMEA\estevez.10-adm
Created27-5-2025 16:26:34
Modified28-5-2025 14:13:10
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{457d7886-2a71-4d71-883b-6fb71f80de6e}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/ES/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ES-L-SEC-Restrictions GISP Servers
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-Restrictions GISP ServersRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkBUILTIN\Administrators, NT AUTHORITY\Authenticated Users
Adjust memory quotas for a processBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Allow log on locallyBUILTIN\Administrators, BUILTIN\Backup Operators
Change the system timeBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE
Generate security auditsNT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Lock pages in memory
Shut down the systemBUILTIN\Administrators
Local Policies/Security Options
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Devices: Restrict CD-ROM access to locally logged-on user onlyEnabled
Devices: Restrict floppy access to locally logged-on user onlyEnabled
Interactive Logon
PolicySetting
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Smart card removal behaviorForce Logoff
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Allow anonymous SID/Name translationDisabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Do not allow storage of passwords and credentials for network authenticationEnabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireDisabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Network security: Minimum session security for NTLM SSP based (including secure RPC) serversEnabled
Require NTLMv2 session securityEnabled
Require 128-bit encryptionEnabled
Shutdown
PolicySetting
Shutdown: Allow system to be shut down without having to log onDisabled
Shutdown: Clear virtual memory pagefileEnabled
System Cryptography
PolicySetting
System cryptography: Force strong key protection for user keys stored on the computerUser is prompted when the key is first used
Other
PolicySetting
Interactive logon: Don't display username at sign-inEnabled
Network security: Configure encryption types allowed for KerberosEnabled
DES_CBC_CRCEnabled
DES_CBC_MD5Enabled
RC4_HMAC_MD5Enabled
AES128_HMAC_SHA1Enabled
AES256_HMAC_SHA1Enabled
Future encryption typesEnabled
System Services
Bluetooth Support Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Client License Service (ClipSVC) (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
DHCP Client (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Device Management Wireless Application Protocol (WAP) Push message Routing Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Human Interface Device Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Mobile Hotspot Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Geolocation Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Downloaded Maps Manager (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Distributed Transaction Coordinator (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Net.Tcp Port Sharing Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Phone Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
PimIndexMaintenanceSvc_14e467a (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
PimIndexMaintenanceSvc_1c7b3db (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
PimIndexMaintenanceSvc_40c4d4 (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
PimIndexMaintenanceSvc_a8a7d6f (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
IPsec Policy Agent (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Access Connection Manager (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Registry (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Radio Management Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Internet Connection Sharing (ICS) (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Print Spooler (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Image Acquisition (WIA) (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Touch Keyboard and Handwriting Panel Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Telephony (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
UnistoreSvc_14e467a (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UnistoreSvc_1c7b3db (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UnistoreSvc_40c4d4 (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UnistoreSvc_a8a7d6f (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UserDataSvc_14e467a (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UserDataSvc_1c7b3db (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UserDataSvc_40c4d4 (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
UserDataSvc_a8a7d6f (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Insider Service (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Microsoft Account Sign-in Assistant (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/Network Provider
PolicySettingComment
Hardened UNC PathsEnabled
Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.
Hardened UNC Paths: 
\\*\NETLOGONRequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOLRequireMutualAuthentication=1, RequireIntegrity=1
You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
User Configuration (Enabled)
No settings defined.