Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GC-PO-WIN-C-Server Hardening Policy
Data collected on: 2-9-2025 11:22:55
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-1233267
Created7-7-2023 15:01:26
Modified24-7-2023 19:29:08
User Revisions17 (AD), 17 (SYSVOL)
Computer Revisions6 (AD), 6 (SYSVOL)
Unique ID{50907db3-2a66-4599-80a8-1ecec71b388b}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
None

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\GC-G-ORG-ServerAdminEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-1233267Edit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history10 passwords remembered
Maximum password age30 days
Minimum password age1 days
Minimum password length8 characters
Password must meet complexity requirementsEnabled
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration99999 minutes
Account lockout threshold3 invalid logon attempts
Reset account lockout counter after99999 minutes
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkBUILTIN\Administrators, NT AUTHORITY\Authenticated Users, BUILTIN\Backup Operators, Everyone
Adjust memory quotas for a processBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Allow log on locallyBUILTIN\Administrators, BUILTIN\Backup Operators
Allow log on through Terminal ServicesBUILTIN\Administrators, BUILTIN\Backup Operators, BUILTIN\Remote Desktop Users
Back up files and directoriesBUILTIN\Administrators, BUILTIN\Backup Operators
Bypass traverse checkingBUILTIN\Backup Operators, Everyone, BUILTIN\Users
Change the system timeBUILTIN\Administrators
Create a pagefileBUILTIN\Administrators
Create global objectsBUILTIN\Administrators, NT AUTHORITY\SERVICE
Debug programsBUILTIN\Administrators
Deny access to this computer from the networkBUILTIN\Guests
Force shutdown from a remote systemBUILTIN\Administrators
Generate security auditsNT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
Impersonate a client after authenticationBUILTIN\Administrators, NT AUTHORITY\SERVICE
Increase scheduling priorityBUILTIN\Administrators
Load and unload device driversBUILTIN\Administrators
Log on as a batch jobBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE
Log on as a serviceBUILTIN\Administrators, NT AUTHORITY\NETWORK SERVICE, BUILTIN\Users
Manage auditing and security logBUILTIN\Administrators
Modify firmware environment valuesBUILTIN\Administrators
Perform volume maintenance tasksBUILTIN\Administrators
Profile single processBUILTIN\Administrators
Profile system performanceBUILTIN\Administrators
Remove computer from docking stationBUILTIN\Administrators
Replace a process level tokenNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators
Restore files and directoriesBUILTIN\Administrators, BUILTIN\Backup Operators
Shut down the systemBUILTIN\Administrators, BUILTIN\Backup Operators
Take ownership of files or other objectsBUILTIN\Administrators
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Administrator account statusEnabled
Accounts: Guest account statusDisabled
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Accounts: Rename guest account"!NoUseGuest!"
Audit
PolicySetting
Audit: Audit the access of global system objectsDisabled
Audit: Audit the use of Backup and Restore privilegeDisabled
Audit: Shut down system immediately if unable to log security auditsDisabled
Devices
PolicySetting
Devices: Allow undock without having to log onDisabled
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Devices: Restrict CD-ROM access to locally logged-on user onlyDisabled
Devices: Restrict floppy access to locally logged-on user onlyEnabled
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Enabled
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Domain member: Disable machine account password changesDisabled
Domain member: Maximum machine account password age30 days
Domain member: Require strong (Windows 2000 or later) session keyDisabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Message text for users attempting to log onThis system is the property of Teleperformance Global Services, and is to be used in accordance with applicable Teleperformance Policies. Any unauthorized access or activity is a violation of Teleperformance Policies and may be a violation of a law. Use of this system constitutes consent to monitoring for unauthorized use, in accordance with Teleperformance Policies, local laws, and regulations. Unauthorized use may result in penalties including, but not limited to, reprimand, dismissal, financial penalties, and legal actions.
Interactive logon: Message title for users attempting to log on"Teleperformance Security Advisory Warning"
Interactive logon: Number of previous logons to cache (in case domain controller is not available)10 logons
Interactive logon: Prompt user to change password before expiration15 days
Interactive logon: Require Domain Controller authentication to unlock workstationDisabled
Interactive logon: Require Windows Hello for Business or smart cardDisabled
Interactive logon: Smart card removal behaviorForce Logoff
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Disabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft network client: Send unencrypted password to third-party SMB serversDisabled
Microsoft Network Server
PolicySetting
Microsoft network server: Amount of idle time required before suspending session15 minutes
Microsoft network server: Digitally sign communications (always)Disabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Microsoft network server: Disconnect clients when logon hours expireEnabled
Network Access
PolicySetting
Network access: Allow anonymous SID/Name translationDisabled
Network access: Do not allow anonymous enumeration of SAM accountsEnabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireEnabled
Network security: LAN Manager authentication levelSend LM & NTLM - use NTLMv2 session security if negotiated
Network security: LDAP client signing requirementsNegotiate signing
Recovery Console
PolicySetting
Recovery console: Allow automatic administrative logonDisabled
Recovery console: Allow floppy copy and access to all drives and all foldersDisabled
Shutdown
PolicySetting
Shutdown: Allow system to be shut down without having to log onDisabled
Shutdown: Clear virtual memory pagefileDisabled
System Objects
PolicySetting
System objects: Require case insensitivity for non-Windows subsystemsEnabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)Enabled
Registry Values
PolicySetting
MACHINE\Software\Microsoft\Driver Signing\Policy1
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy0
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner0
Event Log
PolicySetting
Maximum application log size153600 kilobytes
Maximum security log size153600 kilobytes
Maximum system log size153600 kilobytes
Prevent local guests group from accessing application logEnabled
Prevent local guests group from accessing security logEnabled
Prevent local guests group from accessing system logEnabled
Retention method for application logAs needed
Retention method for security logAs needed
Retention method for system logAs needed
System Services
Messenger (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
mnmsrvc (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Access Auto Connection Manager (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Routing and Remote Access (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Registry (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Smart Card (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
TlntSvr (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
UPS (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require user authentication for remote connections by using Network Level AuthenticationEnabled
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
User Configuration (Enabled)
Preferences
Control Panel Settings
Internet Settings
Internet Explorer 10: Internet Explorer 10 (Order: 1)
General
Startup
Startup optionsStart with tabs from the last session
Browsing history
Delete browsing history on exitNo
Connections
Dial-up settings
Connection behaviorDial whenever a network connection is not present
Advanced
Accelerated graphics
User software rendering instead of GPU renderingEnabled
Accessibility
Always expand ALT text for imagesDisabled
Enable Caret Browser for new windows and tabsDisabled
Move system caret with focus/selection changesDisabled
Play system soundsDisabled
Reset text size to medium for new windows and tabsDisabled
Reset Zoom level for new windows and tabsDisabled
Browsing
Automatically recover from page layout errors with Compatibility ViewEnabled
Close unused folders in History and Favorites (requires restart)Disabled
Disable Script debugging (Internet Explorer)Enabled
Disable Script debugging (Other)Enabled
Display a notification about every script errorDisabled
Display Accelerator button on selectionDisabled
Enable automatic crash recoveryEnabled
Enable flip aheadDisabled
Enable FTP folder view (outside of Internet Explorer)Enabled
Enable Suggested SitesDisabled
Enable third-party browser extensions (requires restart)Disabled
Enable visual styles on buttons and controls in webpagesEnabled
Enable websites to use the search paneDisabled
Go to an intranet site for a single word entry in the Address barDisabled
Notify when downloads completeEnabled
Reuse windows for launching shortcutsEnabled
Show Friendly HTTP Error messagesEnabled
Tell me if Internet Explorer is not the default web browserEnabled
Underline linksAlways
Use inline AutoCompleteEnabled
Use inline Autocomplete in File Explorer and Run DialogDisabled
Use most recent order when switching tabs with Ctrl+TabDisabled
Use Passive FTP (for firewall and DSL model compatibility)Enabled
Use smooth scrollingEnabled
HTTP 1.1 settings
Use HTTP 1.1Enabled
Use HTTP 1.1 through proxy connectionsEnabled
International
Always show encoded addressesDisabled
Send IDN server namesEnabled
Send IDN server names for Intranet addressesDisabled
Send UTF-8 URLsEnabled
Show Information Bar for encoded addressesEnabled
Multimedia
Enable alternative codecs in HTML5 media elementsEnabled
Enable Automatic Image ResizingEnabled
Play animations in webpagesDisabled
Play sounds in webpagesDisabled
Show image download placeholdersDisabled
Show picturesEnabled
Security
Allow active content from CDs to run on My ComputerDisabled
Allow active content to run in files on My ComputerDisabled
Always send Do Not Track headerDisabled
Allow software to run or install even if the signature is invalidDisabled
Block unsecured images with other mixed contentDisabled
Check for publisher's certificate revocationEnabled
Check for server certificate revocation (requires restart)Enabled
Check for signatures on downloaded programsEnabled
Do not save encrypted pages to diskEnabled
Empty Temporary Internet Files folder when browser is closedEnabled
Enable memory protection to help mitigate online attacksDisabled
Enable DOM StorageEnabled
Enable Enhanced Protected ModeEnabled
Enable Integrated Windows Authentication (requires restart)Enabled
Enable native XMLHTTP supportEnabled
Enable SmartScreen FilterDisabled
Use SSL 2.0Disabled
Use SSL 3.0Enabled
Use TLS 1.0Disabled
Use TLS 1.1Disabled
Use TLS 1.2Enabled
Warn about certificate address mismatchEnabled
Warn if changing between secure and not secure modeEnabled
Warn if POST submittal is redirected to a zone that does not permit postsEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo