Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
ES-PO-WIN-ADM-U-Restrictions GECSP ACM Allow Notepad
Data collected on: 2-9-2025 12:25:32
General
Details
Domainemea.tpg.ads
OwnerEMEA\cespedes.11-adm
Created8-11-2024 13:55:12
Modified20-5-2025 16:37:34
User Revisions21 (AD), 21 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{3d192599-1b72-472f-b8ea-5b600b33f42f}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ESNoEnabledemea.tpg.ads/ES

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ES-L-SEC-User Restriction GECSP ACM Allow Notepad
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-User Restriction GECSP ACM Allow NotepadRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Hash Rules
APPWIZ.CPL (10.0.17763.2028); APPWIZ; Shell Application Manager; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:06
bitsadmin.exe (7.8.17763.1); bitsadmin.exe; BITS administration utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:24
CACLS.EXE (10.0.17763.1); cacls; Control ACLs Program; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:49
Cmd.Exe (10.0.17763.1697); cmd; Windows Command Processor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:33:08
compmgmt.msc; 111 KB; 15/09/2018 8:12:44
Security LevelDisallowed
Description
Date last modified25-1-2024 17:33:27
CONTROL.EXE (10.0.17763.2300); Control; Windows Control Panel; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:33:42
eventvwr.exe (10.0.17763.1); eventvwr; Event Viewer Snapin Launcher; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:07
gpedit.msc; 144 KB; 15/09/2018 8:13:19
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:23
Help.Exe (10.0.17763.1); Help; Command Line Help Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:39
HelpPane.exe (10.0.17763.2989); HelpPane.exe; Microsoft Help and Support; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:54
mmc.exe (10.0.17763.1697); mmc.exe; Microsoft Management Console; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:35:13
PowerShell.EXE (10.0.17763.1); POWERSHELL; Windows PowerShell; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:04
powershell_ise.EXE (10.0.17763.1); POWERSHELL_ISE; Windows PowerShell ISE; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:14
REGEDIT.EXE (10.0.17763.1697); REGEDIT; Registry Editor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:26
regedt32.exe (10.0.17763.1); regedt32.exe; Registry Editor Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:50
services.msc; 91 KB; 15/09/2018 8:12:52
Security LevelDisallowed
Description
Date last modified25-1-2024 17:37:05
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified25-1-2024 17:30:23
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified25-1-2024 17:30:23
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Prohibit access to Control Panel and PC settingsEnabled
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.Display
Microsoft.Mouse
Control Panel/Personalization
PolicySettingComment
Enable screen saverEnabled
Force specific screen saverEnabled
Screen saver executable name%logonserver%\netlogon\valores.src
PolicySettingComment
Screen saver timeoutEnabled
Number of seconds to wait to enable the screen saver
Seconds:300
Control Panel/Printers
PolicySettingComment
Browse the network to find printersDisabled
Prevent addition of printersEnabled
Desktop/Desktop
PolicySettingComment
Desktop WallpaperEnabled
Wallpaper Name:C:\valores.jpg
Example: Using a local path: C:\windows\web\wallpaper\home.jpg
Example: Using a UNC path: \\Server\Share\Corp.jpg
Wallpaper Style:Fill
Google/Google Chrome
PolicySettingComment
Allow Dinosaur Easter Egg GameDisabled
Allow user feedbackDisabled
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
chrome://chrome-urls
chrome://download-internals
chrome://flags
chrome://net-export
chrome://net-internals
chrome://omnibox
chrome://policy
chrome://system
chrome://help
chrome://settings/help
chrome://inspect
PolicySettingComment
Control where Developer Tools can be usedEnabled
Control where Developer Tools can be usedDisallow usage of the Developer Tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com,external.delonghigroup.com
PolicySettingComment
Proxy settingsEnabled
Proxy settings
Google/Google Chrome - Default Settings (users can override)
PolicySettingComment
Enable reporting of usage and crash-related dataEnabled
Microsoft Edge
PolicySettingComment
Allow user feedbackDisabled
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
PolicySettingComment
Control where developer tools can be usedEnabled
Control where developer tools can be usedDon't allow using the developer tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com,external.delonghigroup.com
Microsoft Edge/Password manager and protection
PolicySettingComment
Enable saving passwords to the password managerDisabled
Microsoft Edge/Proxy server
PolicySettingComment
Proxy settingsEnabled
Proxy settings
Microsoft Edge/Startup, home page and new tab page
PolicySettingComment
Allow Microsoft content on the new tab pageDisabled
Configure the home page URLEnabled
Home page URLabout:blank
PolicySettingComment
Configure the new tab page URLEnabled
New tab page URLabout:blank
Mozilla/Firefox
PolicySettingComment
Block about:configEnabled
Block about:profilesEnabled
Block Add-ons ManagerEnabled
Define domains allowed to access Google WorkspaceEnabled
teleperformance.com,es.teleperformance.es,es.teleperformance.com
PolicySettingComment
Disable Developer ToolsEnabled
Disable Feedback CommandsEnabled
Password ManagerDisabled
Mozilla/Firefox/Proxy Settings
PolicySettingComment
Do not allow proxy settings to be changedEnabled
System
PolicySettingComment
Don't run specified Windows applicationsEnabled
List of disallowed applications
command.com
powershell.exe
helppane.exe
HELPCTR.EXE
PowerShell_ise.exe
cmd.exe
services.msc
appwiz.cpl
regedit.exe
regedt32.exe
compmgmt.msc
eventvwr.exe
control.exe
bitsadmin.exe
cacls.exe
help.exe
mmc.exe
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?Yes
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
PolicySettingComment
Restrict these programs from being launched from HelpEnabled
Enter executables separated by commas:cmd.exe,command.com,powershell.exe,appwiz.cpl,regedit.exe,regedt32.exe,compmgmt.msc,eventvwr.exe,gpedit.msc,services.msc,control.exe,bitsadmin.exe,cacls.exe,help.exe,mmc.exe,mstsc.exe,helppane.exe,winhlp32.exe,HELPCTR.EXE,PowerShell_ise.exe
Example: calc.exe,paint.exe
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Floppy Drives: Deny read accessEnabled
Floppy Drives: Deny write accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
Tape Drives: Deny read accessEnabled
Tape Drives: Deny write accessEnabled
WPD Devices: Deny read accessEnabled
WPD Devices: Deny write accessEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Turn off encryption supportEnabled
Secure Protocol combinationsUse TLS 1.2 and TLS 1.3
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict the user from entering author modeEnabled
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/RSS Feeds
PolicySettingComment
Prevent access to feed listEnabled
Windows Components/Task Scheduler
PolicySettingComment
Hide Advanced Properties Checkbox in Add Scheduled Task WizardEnabled
Hide Property PagesEnabled
Prevent Task Run or EndEnabled
Prohibit BrowseEnabled
Prohibit Drag-and-DropEnabled
Prohibit New Task CreationEnabled
Prohibit Task DeletionEnabled
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesEnabled
This policy setting must be set for the machine and the user to be enforced.
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled