Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
ES-PO-WIN-ADM-U-Restrictions GISP Allow Desktop, Drives & StartMenu
Data collected on: 2-9-2025 12:22:53
General
Details
Domainemea.tpg.ads
OwnerEMEA\cespedes.11-adm
Created16-10-2024 09:10:14
Modified1-9-2025 13:48:40
User Revisions74 (AD), 74 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{5b95063a-2a93-435c-a1bc-01387761428f}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ESNoEnabledemea.tpg.ads/ES

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ES-L-SEC-User Restriction GISP Allow Desktop & StartMenu
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\ES-L-SEC-User Restriction GISP Allow Desktop & StartMenuRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Hash Rules
APPWIZ.CPL (10.0.17763.2028); APPWIZ; Shell Application Manager; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:06
bitsadmin.exe (7.8.17763.1); bitsadmin.exe; BITS administration utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:24
CACLS.EXE (10.0.17763.1); cacls; Control ACLs Program; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:32:49
Cmd.Exe (10.0.17763.1697); cmd; Windows Command Processor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:33:08
compmgmt.msc; 111 KB; 15/09/2018 8:12:44
Security LevelDisallowed
Description
Date last modified25-1-2024 17:33:27
CONTROL.EXE (10.0.17763.2300); Control; Windows Control Panel; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelBasic User
Description
Date last modified23-10-2024 12:33:28
eventvwr.exe (10.0.17763.1); eventvwr; Event Viewer Snapin Launcher; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:07
gpedit.msc; 144 KB; 15/09/2018 8:13:19
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:23
Help.Exe (10.0.17763.1); Help; Command Line Help Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:39
HelpPane.exe (10.0.17763.2989); HelpPane.exe; Microsoft Help and Support; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:34:54
mmc.exe (10.0.17763.1697); mmc.exe; Microsoft Management Console; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:35:13
NOTEPAD.EXE (10.0.17763.5328); Notepad; Notepad; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified5-2-2024 09:25:30
PowerShell.EXE (10.0.17763.1); POWERSHELL; Windows PowerShell; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:04
powershell_ise.EXE (10.0.17763.1); POWERSHELL_ISE; Windows PowerShell ISE; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:14
REGEDIT.EXE (10.0.17763.1697); REGEDIT; Registry Editor; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:26
regedt32.exe (10.0.17763.1); regedt32.exe; Registry Editor Utility; Microsoft® Windows® Operating System; Microsoft Corporation
Security LevelDisallowed
Description
Date last modified25-1-2024 17:36:50
services.msc; 91 KB; 15/09/2018 8:12:52
Security LevelDisallowed
Description
Date last modified25-1-2024 17:37:05
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified25-1-2024 17:30:23
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified25-1-2024 17:30:23
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Prohibit access to Control Panel and PC settingsEnabled
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.Display
Microsoft.Mouse
Control Panel/Personalization
PolicySettingComment
Enable screen saverEnabled
Force specific screen saverEnabled
Screen saver executable name%logonserver%\netlogon\valores.src
PolicySettingComment
Password protect the screen saverEnabled
Screen saver timeoutEnabled
Number of seconds to wait to enable the screen saver
Seconds:300
Control Panel/Printers
PolicySettingComment
Browse the network to find printersDisabled
Prevent addition of printersEnabled
Google/Google Chrome
PolicySettingComment
Allow Dinosaur Easter Egg GameDisabled
Allow user feedbackDisabled
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
chrome://chrome-urls
chrome://download-internals
chrome://flags
chrome://net-export
chrome://net-internals
chrome://omnibox
chrome://policy
chrome://system
chrome://help
chrome://settings/help
chrome://inspect
PolicySettingComment
Control where Developer Tools can be usedEnabled
Control where Developer Tools can be usedDisallow usage of the Developer Tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com,tpgroupinc.com
PolicySettingComment
Proxy settingsEnabled
Proxy settings
Google/Google Chrome - Default Settings (users can override)
PolicySettingComment
Enable reporting of usage and crash-related dataEnabled
Google/Google Chrome/Password manager
PolicySettingComment
Enable saving passwords to the password managerDisabled
Microsoft Edge
PolicySettingComment
Allow user feedbackDisabled
Block access to a list of URLsEnabled
Block access to a list of URLs
File://*
PolicySettingComment
Control where developer tools can be usedEnabled
Control where developer tools can be usedDon't allow using the developer tools
PolicySettingComment
Define domains allowed to access Google WorkspaceEnabled
Define domains allowed to access Google Workspaceteleperformance.com,es.teleperformance.es,es.teleperformance.com,tpgroupinc.com
Microsoft Edge/Password manager and protection
PolicySettingComment
Enable saving passwords to the password managerDisabled
Microsoft Edge/Proxy server
PolicySettingComment
Proxy settingsEnabled
Proxy settings
Microsoft Edge/Startup, home page and new tab page
PolicySettingComment
Allow Microsoft content on the new tab pageDisabled
Configure the home page URLEnabled
Home page URLabout:blank
PolicySettingComment
Configure the new tab page URLEnabled
New tab page URLabout:blank
Mozilla/Firefox
PolicySettingComment
Block about:configEnabled
Block about:profilesEnabled
Block Add-ons ManagerEnabled
Define domains allowed to access Google WorkspaceEnabled
teleperformance.com,es.teleperformance.es,es.teleperformance.com,tpgroupinc.com
PolicySettingComment
Disable Developer ToolsEnabled
Disable Feedback CommandsEnabled
Password ManagerDisabled
Mozilla/Firefox/Proxy Settings
PolicySettingComment
Do not allow proxy settings to be changedEnabled
Network/Windows Connect Now
PolicySettingComment
Prohibit access of the Windows Connect Now wizardsEnabled
System
PolicySettingComment
Do not display the Getting Started welcome screen at logonEnabled
Don't run specified Windows applicationsEnabled
List of disallowed applications
appwiz.cpl
bitsadmin.exe
cacls.exe
cmd.exe
command.com
compmgmt.msc
control.exe
eventvwr.exe
help.exe
HELPCTR.EXE
helppane.exe
mmc.exe
powershell.exe
PowerShell_ise.exe
regedit.exe
regedt32.exe
services.msc
taskschd.msc
taskmgr.exe
gpedit.msc
mstsc.exe
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?Yes
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
PolicySettingComment
Restrict these programs from being launched from HelpEnabled
Enter executables separated by commas:cmd.exe,command.com,powershell.exe,appwiz.cpl,regedit.exe,regedt32.exe,compmgmt.msc,eventvwr.exe,gpedit.msc,services.msc,control.exe,bitsadmin.exe,cacls.exe,help.exe,mmc.exe,mstsc.exe,helppane.exe,HELPCTR.EXE,PowerShell_ise.exe,taskschd.msc,taskmgr.exe,notepad.exe
Example: calc.exe,paint.exe
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Floppy Drives: Deny read accessEnabled
Floppy Drives: Deny write accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
Tape Drives: Deny read accessEnabled
Tape Drives: Deny write accessEnabled
WPD Devices: Deny read accessEnabled
WPD Devices: Deny write accessEnabled
Windows Components/Add features to Windows 10
PolicySettingComment
Prevent the wizard from running.Enabled
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Cloud Content
PolicySettingComment
Turn off all Windows spotlight featuresEnabled
Windows Components/Edge UI
PolicySettingComment
Allow edge swipeEnabled
Windows Components/File Explorer
PolicySettingComment
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict all drives
PolicySettingComment
No Computers Near Me in Network LocationsEnabled
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsRestrict A and B drives only
PolicySettingComment
Prevent users from adding files to the root of their Users Files folder.Enabled
Remove CD Burning featuresEnabled
Windows Components/Internet Explorer
PolicySettingComment
Do not allow users to enable or disable add-onsEnabled
Prevent access to Internet Explorer HelpEnabled
Prevent changing proxy settingsEnabled
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Advanced pageEnabled
Disable the Programs pageEnabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Turn off encryption supportEnabled
Secure Protocol combinationsUse TLS 1.2 and TLS 1.3
Windows Components/Internet Explorer/Toolbars
PolicySettingComment
Turn off Developer ToolsEnabled
Windows Components/Microsoft Edge
PolicySettingComment
Allow ExtensionsDisabled
Prevent access to the about:flags page in Microsoft EdgeEnabled
Prevent the First Run webpage from opening on Microsoft EdgeEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict the user from entering author modeEnabled
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Network Sharing
PolicySettingComment
Prevent users from sharing files within their profile.Enabled
Windows Components/Presentation Settings
PolicySettingComment
Turn off Windows presentation settingsEnabled
Windows Components/RSS Feeds
PolicySettingComment
Prevent access to feed listEnabled
Windows Components/Store
PolicySettingComment
Only display the private store within the Microsoft StoreEnabled
Turn off the offer to update to the latest version of WindowsEnabled
Turn off the Store applicationEnabled
Windows Components/Task Scheduler
PolicySettingComment
Hide Advanced Properties Checkbox in Add Scheduled Task WizardEnabled
Hide Property PagesEnabled
Prevent Task Run or EndEnabled
Prohibit BrowseEnabled
Prohibit Drag-and-DropEnabled
Prohibit New Task CreationEnabled
Prohibit Task DeletionEnabled
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesEnabled
This policy setting must be set for the machine and the user to be enforced.
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Windows Components/Windows Mobility Center
PolicySettingComment
Turn off Windows Mobility CenterEnabled