Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
ES-PO-WIN-ADM-U-Restrictions GECSP W11
Data collected on: 2-9-2025 12:21:58
General
Details
Domainemea.tpg.ads
OwnerEMEA\cespedes.11-adm
Created9-10-2024 12:34:18
Modified10-10-2024 06:00:04
User Revisions58 (AD), 58 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{110a1da6-d69d-4ea8-bdfb-8e166b78030f}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
None

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ES-L-SEC-User Restriction GECSP W11
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-User Restriction GECSP W11Read (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Hash Rules
APPWIZ.CPL (10.0.17763.2028); APPWIZ; Shell Application Manager; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:10:00
bitsadmin.exe (7.8.17763.1); bitsadmin.exe; BITS administration utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:15:23
CACLS.EXE (10.0.17763.1); cacls; Control ACLs Program; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:15:39
Cmd.Exe (10.0.17763.1697); cmd; Windows Command Processor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:08:28
compmgmt.msc; 111 KB; 15/09/2018 8:12:44
Security LevelDisallowed
Description
Date last modified25-1-2024 17:12:57
CONTROL.EXE (10.0.17763.2300); Control; Windows Control Panel; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:15:01
eventvwr.exe (10.0.17763.1); eventvwr; Event Viewer Snapin Launcher; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:14:12
gpedit.msc; 144 KB; 15/09/2018 8:13:19
Security LevelDisallowed
Description
Date last modified25-1-2024 17:14:28
Help.Exe (10.0.17763.1); Help; Command Line Help Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:15:54
HelpPane.exe (10.0.17763.2989); HelpPane.exe; Microsoft Help and Support; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:17:09
mmc.exe (10.0.17763.1697); mmc.exe; Microsoft Management Console; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:16:08
mstsc.exe (10.0.17763.2867); mstsc.exe; Remote Desktop Connection; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:16:33
NOTEPAD.EXE (10.0.17763.5328); Notepad; Notepad; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified5-2-2024 09:14:20
PowerShell.EXE (10.0.17763.1); POWERSHELL; Windows PowerShell; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:07:56
powershell_ise.EXE (10.0.17763.1); POWERSHELL_ISE; Windows PowerShell ISE; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:08:07
REGEDIT.EXE (10.0.17763.1697); REGEDIT; Registry Editor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:11:11
regedt32.exe (10.0.17763.1); regedt32.exe; Registry Editor Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:10:17
services.msc; 91 KB; 15/09/2018 8:12:52
Security LevelDisallowed
Description
Date last modified25-1-2024 17:14:45
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified28-12-2023 18:30:09
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified28-12-2023 18:30:09
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Prohibit access to Control Panel and PC settingsEnabled
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.Display
Microsoft.Mouse
Control Panel/Personalization
PolicySettingComment
Enable screen saverEnabled
Force specific screen saverEnabled
Screen saver executable name%logonserver%\netlogon\valores.scr
PolicySettingComment
Password protect the screen saverEnabled
Screen saver timeoutEnabled
Number of seconds to wait to enable the screen saver
Seconds:300
Control Panel/Printers
PolicySettingComment
Browse the network to find printersDisabled
Prevent addition of printersEnabled
Desktop
PolicySettingComment
Hide and disable all items on the desktopDisabled
Desktop/Desktop
PolicySettingComment
Prohibit adding itemsEnabled
Prohibit deleting itemsEnabled
Prohibit editing itemsEnabled
Google/Google Chrome
PolicySettingComment
Allow Dinosaur Easter Egg GameDisabled
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
chrome://chrome-urls
chrome://download-internals
chrome://flags
chrome://net-export
chrome://net-internals
chrome://omnibox
chrome://policy
chrome://system
chrome://inspect
PolicySettingComment
Control where Developer Tools can be usedEnabled
Control where Developer Tools can be usedAllow usage of the Developer Tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com
Google/Google Chrome - Default Settings (users can override)
PolicySettingComment
Enable reporting of usage and crash-related dataEnabled
Microsoft Edge
PolicySettingComment
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
PolicySettingComment
Control where developer tools can be usedEnabled
Control where developer tools can be usedDon't allow using the developer tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com
Mozilla/Firefox
PolicySettingComment
Block about:configDisabled
Block about:profilesEnabled
Block Add-ons ManagerEnabled
Define domains allowed to access Google WorkspaceEnabled
teleperformance.com,es.teleperformance.es,es.teleperformance.com
PolicySettingComment
Disable Developer ToolsEnabled
Network/Windows Connect Now
PolicySettingComment
Prohibit access of the Windows Connect Now wizardsEnabled
Start Menu and Taskbar
PolicySettingComment
Add Search Internet link to Start MenuDisabled
Add the Run command to the Start MenuDisabled
Clear history of recently opened documents on exitEnabled
Disable context menus in the Start MenuEnabled
Do not allow pinning items in Jump ListsEnabled
Do not allow pinning Store app to the TaskbarEnabled
Do not display or track items in Jump Lists from remote locationsEnabled
Do not search communicationsEnabled
Do not search for filesEnabled
Do not search InternetEnabled
Do not search programs and Control Panel itemsEnabled
Do not use the search-based method when resolving shell shortcutsEnabled
Do not use the tracking-based method when resolving shell shortcutsEnabled
Lock all taskbar settingsEnabled
Prevent changes to Taskbar and Start Menu SettingsEnabled
Prevent users from adding or removing toolbarsEnabled
Prevent users from customizing their Start ScreenEnabled
Prevent users from moving taskbar to another screen dock locationEnabled
Prevent users from rearranging toolbarsEnabled
Prevent users from uninstalling applications from StartEnabled
Remove access to the context menus for the taskbarEnabled
Remove All Programs list from the Start menuEnabled
Choose one of the following actionsRemove and disable setting
PolicySettingComment
Remove common program groups from Start MenuEnabled
Remove Default Programs link from the Start menu.Enabled
Remove Documents icon from Start MenuEnabled
Remove Downloads link from Start MenuEnabled
Remove Favorites menu from Start MenuEnabled
Remove frequent programs list from the Start MenuEnabled
Remove Games link from Start MenuEnabled
Remove Help menu from Start MenuEnabled
Remove Homegroup link from Start MenuEnabled
Remove links and access to Windows UpdateEnabled
Remove Music icon from Start MenuEnabled
Remove Network Connections from Start MenuEnabled
Remove Network icon from Start MenuEnabled
Remove Notifications and Action CenterEnabled
Remove Pictures icon from Start MenuEnabled
Remove pinned programs from the TaskbarEnabled
Remove pinned programs list from the Start MenuEnabled
Remove Recent Items menu from Start MenuEnabled
Remove Recorded TV link from Start MenuEnabled
Remove Run menu from Start MenuEnabled
Remove Search Computer linkEnabled
Remove Search link from Start MenuEnabled
Remove See More Results / Search Everywhere linkEnabled
Remove the "Undock PC" button from the Start MenuEnabled
Remove the networking iconEnabled
Remove the People Bar from the taskbarEnabled
Remove the Security and Maintenance iconEnabled
Remove user folder link from Start MenuEnabled
Remove Videos link from Start MenuEnabled
Search just apps from the Apps viewEnabled
Show "Run as different user" command on StartEnabled
Turn off all balloon notificationsEnabled
Turn off automatic promotion of notification icons to the taskbarEnabled
Turn off notification area cleanupEnabled
Turn off personalized menusEnabled
Turn off user trackingEnabled
System
PolicySettingComment
Don't run specified Windows applicationsEnabled
List of disallowed applications
cmd.exe
command.com
powershell.exe
appwiz.cpl
regedit.exe
regedt32.exe
compmgmt.msc
eventvwr.exe
gpedit.msc
services.msc
control.exe
bitsadmin.exe
cacls.exe
help.exe
mmc.exe
mstsc.exe
helppane.exe
HELPCTR.EXE
PowerShell_ise.exe
notepad.exe
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?Yes
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
PolicySettingComment
Restrict these programs from being launched from HelpEnabled
Enter executables separated by commas:cmd.exe,command.com,powershell.exe,appwiz.cpl,regedit.exe,regedt32.exe,compmgmt.msc,eventvwr.exe,gpedit.msc,services.msc,control.exe,bitsadmin.exe,cacls.exe,help.exe,mmc.exe,mstsc.exe,helppane.exe,HELPCTR.EXE,PowerShell_ise.exe
Example: calc.exe,paint.exe
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Floppy Drives: Deny read accessEnabled
Floppy Drives: Deny write accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
Tape Drives: Deny read accessEnabled
Tape Drives: Deny write accessEnabled
WPD Devices: Deny read accessEnabled
WPD Devices: Deny write accessEnabled
Windows Components/Add features to Windows 10
PolicySettingComment
Prevent the wizard from running.Enabled
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Cloud Content
PolicySettingComment
Turn off all Windows spotlight featuresEnabled
Windows Components/Edge UI
PolicySettingComment
Allow edge swipeEnabled
Windows Components/File Explorer
PolicySettingComment
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict all drives
PolicySettingComment
Hides the Manage item on the File Explorer context menuEnabled
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsRestrict all drives
PolicySettingComment
Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
Remove CD Burning featuresEnabled
Remove Hardware tabEnabled
Remove UI to change keyboard navigation indicator settingEnabled
Turn off Windows Key hotkeysEnabled
Turn off Windows Libraries features that rely on indexed file dataEnabled
Windows Components/File Explorer/Explorer Frame Pane
PolicySettingComment
Turn on or off details paneEnabled
Configure details paneAlways hide
Windows Components/Internet Explorer
PolicySettingComment
Do not allow users to enable or disable add-onsEnabled
Prevent access to Internet Explorer HelpEnabled
Prevent changing proxy settingsEnabled
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Advanced pageEnabled
Disable the Programs pageEnabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Turn off encryption supportEnabled
Secure Protocol combinationsUse TLS 1.2 and TLS 1.3
Windows Components/Internet Explorer/Toolbars
PolicySettingComment
Turn off Developer ToolsEnabled
Windows Components/Microsoft Edge
PolicySettingComment
Allow ExtensionsDisabled
Prevent access to the about:flags page in Microsoft EdgeEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict the user from entering author modeEnabled
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Network Sharing
PolicySettingComment
Prevent users from sharing files within their profile.Enabled
Windows Components/Presentation Settings
PolicySettingComment
Turn off Windows presentation settingsEnabled
Windows Components/RSS Feeds
PolicySettingComment
Prevent access to feed listEnabled
Windows Components/Store
PolicySettingComment
Only display the private store within the Microsoft StoreEnabled
Turn off the offer to update to the latest version of WindowsEnabled
Turn off the Store applicationEnabled
Windows Components/Task Scheduler
PolicySettingComment
Hide Advanced Properties Checkbox in Add Scheduled Task WizardEnabled
Hide Property PagesEnabled
Prevent Task Run or EndEnabled
Prohibit BrowseEnabled
Prohibit Drag-and-DropEnabled
Prohibit New Task CreationEnabled
Prohibit Task DeletionEnabled
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesEnabled
This policy setting must be set for the machine and the user to be enforced.
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Windows Components/Windows Mobility Center
PolicySettingComment
Turn off Windows Mobility CenterEnabled
Preferences
Windows Settings
Files
File (Target Path: %USERPROFILE%\Desktop)
Desktop (Order: 1)
General
ActionUpdate
Properties
Destination file%USERPROFILE%\Desktop
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyEnabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Shortcuts
Shortcut (Path: %DesktopDir%\Shortcuts)
Shortcuts (Order: 1)
General
ActionCreate
Attributes
Target typeFile system object
Shortcut path%DesktopDir%\Shortcuts
Target path%userprofile%\Documents
Shortcut keyNone
RunNormal window
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Shortcut (Path: %DesktopDir%\Downloads)
Downloads (Order: 5)
General
ActionReplace
Attributes
Target typeFile system object
Shortcut path%DesktopDir%\Downloads
Target path%userprofile%\Downloads
Shortcut keyNone
RunNormal window
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Downloads (Order: 4)
General
ActionCreate
Attributes
Target typeFile system object
Shortcut path%DesktopDir%\Downloads
Target path%userprofile%\Downloads
Shortcut keyNone
RunNormal window
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Downloads (Order: 3)
General
ActionCreate
Attributes
Target typeFile system object
Shortcut path%DesktopDir%\Downloads
Target path%userprofile%\Downloads
Shortcut keyNone
RunNormal window
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Downloads (Order: 2)
General
ActionCreate
Attributes
Target typeFile system object
Shortcut path%DesktopDir%\Downloads
Target pathC:\Windows\explorer.exe
Shortcut keyNone
RunNormal window
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Shortcut (Path: %DesktopDir%\Papelera)
Papelera (Order: 6)
General
ActionDelete
Attributes
Target typeShell object
Shortcut path%DesktopDir%\Papelera
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo