Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-ADM-C-MerakiMFA
Data collected on: 2-9-2025 09:47:56
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5-adm
Created22-7-2020 11:12:52
Modified9-2-2023 14:54:04
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions45 (AD), 45 (SYSVOL)
Unique ID{861a4702-e4fa-4d63-bb4c-156e060fe186}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/GR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\GR-G-ORG-Computers Meraki MFA
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GR-G-ORG-Computers Meraki MFARead (from Security Filtering)No
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\tentolouris.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
System Services
Wired AutoConfig (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
WlanSvc (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Wired Network (802.3) Policies
MerakiMFA
NameMerakiMFA
DescriptionSample Description
Global Settings
SettingValue
Use Windows wired LAN network services for clientsEnabled
Shared user credentials for network authenticationEnabled
Network Profile
Security Settings
Enable use of IEEE 802.1X authentication for network accessEnabled
Enforce use of IEEE 802.1X authentication for network accessDisabled
IEEE 802.1X Settings
Computer AuthenticationComputer only
Maximum Authentication Failures1
Maximum EAPOL-Start Messages Sent
Held Period (seconds)
Start Period (seconds)
Authentication Period (seconds)
Network Authentication Method Properties
Authentication methodProtected EAP (PEAP)
Validate server certificateEnabled
Connect to these servers
Do not prompt user to authorize new servers or trusted certification authoritiesDisabled
Enable fast reconnectEnabled
Disconnect if server does not present cryptobinding TLVDisabled
Enforce network access protectionDisabled
Authentication Method Configuration
Authentication methodSecured password (EAP-MSCHAP v2)
Automatically use my Windows logon name and password(and domain if any)Enabled
Preferences
Windows Settings
Registry
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: LsaAllowReturningUnencryptedSecrets
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Lsa
Value nameLsaAllowReturningUnencryptedSecrets
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: SetupMerakiMFA)
SetupMerakiMFA (Order: 1)
General
ActionDelete
Task
Name SetupMerakiMFA
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden Yes
Configure for 1.3
Enabled Yes
Actions
1. Start a program
Program/script \\grkalfs01\netconfigfiles\GlobalSettings\Setups\Cisco-pbvpn\CiscoNamAndCache.vbs
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.