Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
FR-PO-WIN-C-Windows 10 Hardening
Data collected on: 2-9-2025 09:25:08
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-22141
Created22-3-2019 14:40:40
Modified14-4-2025 13:00:42
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions68 (AD), 68 (SYSVOL)
Unique ID{48b31ffa-a609-4ec0-b731-0bf90c87cae5}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/FR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\FR-L-SEC-Hardening_Computers_Windows10
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\FR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\FR-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
EMEA\FR-L-SEC-Hardening_Computers_Windows10Read (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Deny log on locallyEMEA\FR-L-SEC-GPO-Waha-User-Configuration, EMEA\FR-L-SEC-GPO-Waha-Folder_Redirection_Startmenu
Local Policies/Security Options
User Account Control
PolicySetting
User Account Control: Admin Approval Mode for the Built-in Administrator accountDisabled
User Account Control: Behavior of the elevation prompt for standard usersPrompt for credentials
User Account Control: Detect application installations and prompt for elevationEnabled
System Services
AppX Deployment Service (AppXSVC) (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Defender Advanced Threat Protection Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Microsoft Defender Antivirus Network Inspection Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Microsoft Defender Antivirus Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%ProgramFiles%\WindowsApps\Microsoft.WindowsStore*
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\FR-L-SEC Disable Win10 FeaturesFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Regional and Language Options
PolicySettingComment
Allow users to enable online speech recognition servicesDisabled
Control Panel/Regional and Language Options/Handwriting personalization
PolicySettingComment
Turn off automatic learningEnabled
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Offline Files
PolicySettingComment
Prohibit user configuration of Offline FilesEnabled
Prevents users from changing any cache configuration settings.
Start Menu and Taskbar
PolicySettingComment
Disable context menus in the Start MenuEnabled
Start LayoutEnabled
Start Layout File\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\{48B31FFA-A609-4EC0-B731-0BF90C87CAE5}\Machine\Scripts\Startup\Windows10StartMenu\LayoutModification.xml
Reapply layout at every logon 
System/Internet Communication Management/Internet Communication settings
PolicySettingComment
Turn off access to the StoreEnabled
Turn off handwriting personalization data sharingEnabled
Turn off handwriting recognition error reportingEnabled
Turn off Help and Support Center "Did you know?" contentEnabled
Turn off the Windows Messenger Customer Experience Improvement ProgramEnabled
Turn off Windows Error ReportingEnabled
System/OS Policies
PolicySettingComment
Allow publishing of User ActivitiesDisabled
System/Power Management/Hard Disk Settings
PolicySettingComment
Turn Off the hard disk (plugged in)Enabled
Turn Off the Hard Disk (seconds):0
System/Power Management/Sleep Settings
PolicySettingComment
Allow standby states (S1-S3) when sleeping (on battery)Disabled
Allow standby states (S1-S3) when sleeping (plugged in)Disabled
System/Recovery
PolicySettingComment
Allow restore of system to default stateDisabled
System/System Restore
PolicySettingComment
Turn off ConfigurationEnabled
Turn off System RestoreEnabled
System/User Profiles
PolicySettingComment
Do not log users on with temporary profilesEnabled
Turn off the advertising IDEnabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access account informationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access call historyEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access contactsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access diagnostic information about other appsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access emailEnabled
Default for all apps:Force Allow
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access locationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access messagingEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access motionEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access notificationsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access TasksEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the calendarEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the cameraEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the microphoneEnabled
Default for all apps:Force Allow
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access trusted devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps communicate with unpaired devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps control radiosEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps make phone callsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps run in the backgroundEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/Application Compatibility
PolicySettingComment
Remove Program Compatibility Property PageEnabled
Turn off Application Compatibility EngineEnabled
Turn off Application TelemetryEnabled
Turn off Inventory CollectorEnabled
Turn off Program Compatibility AssistantEnabled
Turn off Steps RecorderEnabled
Turn off SwitchBack Compatibility EngineEnabled
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsEnabled
Turn off Microsoft consumer experiencesEnabled
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow Diagnostic DataEnabled
Diagnostic data off (not recommended)
PolicySettingComment
Configure the Commercial IDDisabled
Do not show feedback notificationsEnabled
Limit optional diagnostic data for Desktop AnalyticsDisabled
Toggle user control over Insider buildsDisabled
Windows Components/Desktop Gadgets
PolicySettingComment
Turn off desktop gadgetsEnabled
Windows Components/File Explorer
PolicySettingComment
Do not show the 'new application installed' notificationEnabled
Start File Explorer with ribbon minimizedEnabled
Pick one of the following settings 
Windows Components/File History
PolicySettingComment
Turn off File HistoryEnabled
Windows Components/Find My Device
PolicySettingComment
Turn On/Off Find My DeviceDisabled
Windows Components/Game Explorer
PolicySettingComment
Turn off downloading of game informationEnabled
Turn off game updatesEnabled
Turn off tracking of last play time of games in the Games folderEnabled
Windows Components/Location and Sensors
PolicySettingComment
Turn off locationEnabled
Turn off sensorsEnabled
Windows Components/Location and Sensors/Windows Location Provider
PolicySettingComment
Turn off Windows Location ProviderEnabled
Windows Components/Microsoft account
PolicySettingComment
Block all consumer Microsoft account user authenticationEnabled
Windows Components/Microsoft Defender Antivirus
PolicySettingComment
Turn off Microsoft Defender AntivirusEnabled
Windows Components/Microsoft Defender Antivirus/MAPS
PolicySettingComment
Configure local setting override for reporting to Microsoft MAPSDisabled
Join Microsoft MAPSEnabled
Join Microsoft MAPSDisabled
PolicySettingComment
Send file samples when further analysis is requiredEnabled
Send file samples when further analysis is requiredNever send
Windows Components/Microsoft Defender Antivirus/Real-time Protection
PolicySettingComment
Monitor file and program activity on your computerDisabled
Turn off real-time protectionDisabled
Turn on behavior monitoringDisabled
Turn on process scanning whenever real-time protection is enabledDisabled
Windows Components/OneDrive
PolicySettingComment
Prevent OneDrive files from syncing over metered connectionsEnabled
Metered Network SettingBlock syncing on all metered connections
PolicySettingComment
Prevent OneDrive from generating network traffic until the user signs in to OneDriveEnabled
Prevent the usage of OneDrive for file storageEnabled
Prevent the usage of OneDrive for file storage on Windows 8.1Enabled
Save documents to OneDrive by defaultDisabled
Windows Components/Online Assistance
PolicySettingComment
Turn off Active HelpEnabled
Windows Components/Push To Install
PolicySettingComment
Turn off Push To Install serviceEnabled
Windows Components/Search
PolicySettingComment
Allow Cloud SearchEnabled
Cloud Search SettingDisable Cloud Search
PolicySettingComment
Allow CortanaDisabled
Allow Cortana above lock screenDisabled
Allow indexing of encrypted filesDisabled
Allow search and Cortana to use locationDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Set what information is shared in SearchEnabled
Type of informationAnonymous info
Windows Components/Security Center
PolicySettingComment
Turn on Security Center (Domain PCs only)Disabled
Windows Components/Speech
PolicySettingComment
Allow Automatic Update of Speech DataDisabled
Windows Components/Store
PolicySettingComment
Disable all apps from Microsoft Store Enabled
Only display the private store within the Microsoft StoreEnabled
Turn off the Store applicationEnabled
Windows Components/Tablet PC/Handwriting personalization
PolicySettingComment
Turn off automatic learningEnabled
Windows Components/Windows Defender SmartScreen/Explorer
PolicySettingComment
Configure Windows Defender SmartScreenDisabled
Windows Components/Windows Error Reporting
PolicySettingComment
Automatically send memory dumps for OS-generated error reportsDisabled
Disable Windows Error ReportingEnabled
Do not send additional dataEnabled
Windows Components/Windows Game Recording and Broadcasting
PolicySettingComment
Enables or disables Windows Game Recording and BroadcastingDisabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\Windows\PreviewBuilds\EnableConfigFlighting1
Software\Policies\Microsoft\Windows\PreviewBuilds\EnableExperimentation1
Preferences
Windows Settings
Files
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1)
Group1 (Order: 1)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2)
Group2 (Order: 2)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3)
Group3 (Order: 3)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
DisableAntiSpyware (Order: 1)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AutoDownload (Order: 2)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate
Value nameAutoDownload
Value typeREG_DWORD
Value data0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DisableWindowsConsumerFeatures (Order: 3)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\CloudContent
Value nameDisableWindowsConsumerFeatures
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Start (Order: 4)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameStart
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DownloadMode (Order: 5)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config
Value nameDownloadMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AutoDownload (Order: 6)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\WindowsStore
Value nameAutoDownload
Value typeREG_DWORD
Value data0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
EnableFirstLogonAnimation (Order: 7)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value nameEnableFirstLogonAnimation
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.