Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-WIN-C-Global Systems Settings
Data collected on: 2-9-2025 08:55:23
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5
Created24-9-2015 15:44:04
Modified28-8-2025 11:24:26
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions489 (AD), 489 (SYSVOL)
Unique ID{a5a71a8e-eb9b-41a1-be25-2652e771fa02}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
SystemsNoEnabledemea.tpg.ads/GR/Systems

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\tentolouris.5Edit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-203252ReadNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history24 passwords remembered
Maximum password age60 days
Minimum password age1 days
Minimum password length12 characters
Password must meet complexity requirementsEnabled
Store passwords using reversible encryptionDisabled
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration60 minutes
Account lockout threshold6 invalid logon attempts
Reset account lockout counter after60 minutes
Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictionsEnabled
Maximum lifetime for service ticket600 minutes
Maximum lifetime for user ticket10 hours
Maximum lifetime for user ticket renewal7 days
Maximum tolerance for computer clock synchronization99999 minutes
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessNo auditing
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Back up files and directoriesEMEA\GR-G-ORG-OU Admins, BUILTIN\Administrators
Debug programsEMEA\GR-G-ORG-OU Admins, BUILTIN\Administrators
Deny log on locallyEMEA\GR-G-ORG-Users NO Login to Windows
Deny log on through Terminal ServicesEMEA\GR-G-ORG-Users NO Login to Windows
Manage auditing and security logEMEA\GR-G-ORG-OU Admins, BUILTIN\Administrators
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Guest account statusDisabled
Interactive Logon
PolicySetting
Interactive logon: Message text for users attempting to log onThis computer system (including all hardware, software, and peripheral equipment) is, the property of Teleperformance. Use of this computer system is restricted to official, Teleperformance business. Teleperformance reserves the right to monitor use of the, computer system at any time. Use of this system constitutes consent to such monitoring., Any unauthorized access, use, or modification of the computer system can result in civil, liability and/or criminal penalties.
Interactive logon: Message title for users attempting to log on"---------------Teleperformance Hellas---------------"
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Other
PolicySetting
Accounts: Block Microsoft accountsUsers can't add or log on with Microsoft accounts
Event Log
PolicySetting
Prevent local guests group from accessing application logEnabled
Prevent local guests group from accessing security logEnabled
Prevent local guests group from accessing system logEnabled
Retain security log90 days
Retain system log90 days
Retention method for application logAs needed
Retention method for security logBy days
Retention method for system logBy days
File System
%SystemDrive%\TPSTUFF
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemDrive%\TPSTUFF\lansweeper.ico
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESModifyThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersModifyThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemDrive%\TPSTUFF\LSclient.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESModifyThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersModifyThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemDrive%\TPSTUFF\lspush.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESModifyThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersModifyThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Public Key Policies/Certificate Services Client - Auto-Enrollment Settings
PolicySetting
Automatic certificate managementEnabled
OptionSetting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificatesEnabled
Update and manage certificates that use certificate templates from Active DirectoryEnabled
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
grathlnxca01grathlnxca0125-2-2043 14:31:45<All>
s800-TPGRDC03-CAs800-TPGRDC03-CA17-9-2025 09:47:28<All>
Teleperformance Root CATeleperformance Root CA25-4-2036 18:58:15<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Intermediate Certification Authority Certificates
Issued ToIssued ByExpiration DateIntended Purposes
TP EMEA Enterprise CATeleperformance Root CA26-4-2026 17:09:38<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy version2.22
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Private Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Public Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Advanced Audit Configuration
Account Logon
PolicySetting
Audit Credential ValidationSuccess, Failure
Audit Kerberos Authentication ServiceSuccess, Failure
Audit Kerberos Service Ticket OperationsSuccess, Failure
Audit Other Account Logon EventsSuccess, Failure
Account Management
PolicySetting
Audit Application Group ManagementSuccess, Failure
Audit Computer Account ManagementSuccess, Failure
Audit Distribution Group ManagementSuccess, Failure
Audit Other Account Management EventsSuccess, Failure
Audit Security Group ManagementSuccess, Failure
Audit User Account ManagementSuccess, Failure
Detailed Tracking
PolicySetting
Audit DPAPI ActivitySuccess, Failure
Audit Process CreationSuccess, Failure
Audit Process TerminationSuccess, Failure
Audit RPC EventsSuccess, Failure
DS Access
PolicySetting
Audit Detailed Directory Service ReplicationSuccess, Failure
Audit Directory Service AccessSuccess, Failure
Audit Directory Service ChangesSuccess, Failure
Audit Directory Service ReplicationSuccess, Failure
Logon/Logoff
PolicySetting
Audit Account LockoutSuccess, Failure
Audit User / Device ClaimsSuccess, Failure
Audit IPsec Extended ModeSuccess, Failure
Audit IPsec Main ModeSuccess, Failure
Audit IPsec Quick ModeSuccess, Failure
Audit LogoffSuccess, Failure
Audit LogonSuccess, Failure
Audit Network Policy ServerSuccess, Failure
Audit Other Logon/Logoff EventsSuccess, Failure
Audit Special LogonSuccess, Failure
Policy Change
PolicySetting
Audit Audit Policy ChangeSuccess, Failure
Audit Authentication Policy ChangeSuccess, Failure
Audit Authorization Policy ChangeSuccess, Failure
Audit Filtering Platform Policy ChangeSuccess, Failure
Audit MPSSVC Rule-Level Policy ChangeSuccess, Failure
Audit Other Policy Change EventsSuccess, Failure
Privilege Use
PolicySetting
Audit Non Sensitive Privilege UseSuccess, Failure
Audit Other Privilege Use EventsSuccess, Failure
Audit Sensitive Privilege UseSuccess, Failure
System
PolicySetting
Audit IPsec DriverSuccess, Failure
Audit Other System EventsSuccess, Failure
Audit Security State ChangeSuccess, Failure
Audit Security System ExtensionSuccess, Failure
Audit System IntegritySuccess, Failure
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/DNS Client
PolicySettingComment
DNS suffix search listEnabled
DNS Suffixes:s800.local,emea.tpg.ads,teleperformance.gr
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
Network/Network Provider
PolicySettingComment
Hardened UNC PathsEnabled
Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.
Hardened UNC Paths: 
\\*\C$RequireMutualAuthentication=1
You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.
System
PolicySettingComment
Display highly detailed status messagesEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Turn off encryption supportEnabled
Secure Protocol combinationsUse TLS 1.0, TLS 1.1, and TLS 1.2
Preferences
Windows Settings
Registry
DisableAntiSpyware (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/QualityCompat
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: cadca5fe-87d3-4b96-b7fb-a231484277cc
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Value namecadca5fe-87d3-4b96-b7fb-a231484277cc
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/system_a.exe
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: system_a.exe
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system_a.exe
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: Debugger
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system_a.exe
Value nameDebugger
Value typeREG_SZ
Value data"c:\windows\system32\systray.exe" /z
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: Lansweeper Scan on Login)
Lansweeper Scan on Login (Order: 1)
General
ActionDelete
Task
Name Lansweeper Scan on Login
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Actions
1. Start a program
Program/script \\grkalfs01\netconfigfiles\GlobalSettings\Lansweeper\LansweeperScan.bat
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: KMSSet to Local)
KMSSet to Local (Order: 2)
General
ActionUpdate
Task
Name KMSSet to Local
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. Run at user logon
Delay task for 30 minutes
Enabled Yes
2. On workstation lock
Enabled Yes
3. At task creation/modification
Enabled Yes
Actions
1. Start a program
Program/script \\grkalfs01\netconfigfiles\GlobalSettings\KMStoLocal.bat
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Services
Service (Name: Island Service Agent)
Island Service Agent (Order: 1)
General
Service nameIsland Service Agent
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:30 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Item-level targeting: Security Group
AttributeValue
boolAND
not0
nameEMEA\GR-L-SEC-Island Service Disable
sidS-1-5-21-513466819-3096973226-347852806-1927121
userContext0
primaryGroup0
localGroup0
User Configuration (Enabled)
No settings defined.