Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-WIN-C-IT PC Settings
Data collected on: 2-9-2025 09:28:32
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5
Created19-6-2019 15:28:52
Modified6-5-2025 14:45:04
User Revisions6 (AD), 6 (SYSVOL)
Computer Revisions156 (AD), 156 (SYSVOL)
Unique ID{fe4fa979-0c40-45c4-b5d9-627d72a02e65}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsYesEnabledemea.tpg.ads/GR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\GRATHVDCVPNL02$
EMEA\GR-L-SEC-Systems Clients IT Settings
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GRATHVDCVPNL02$Read (from Security Filtering)No
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\GR-L-SEC-Systems Clients IT SettingsRead (from Security Filtering)No
EMEA\tentolouris.5Edit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Deny log on locallyEMEA\GR-G-ORG-Users NO Login to Windows, DenyLogonLocal
Deny log on through Terminal ServicesEMEA\GR-G-ORG-Users NO Login to Windows, DenyLogonLocal
Local Policies/Security Options
Interactive Logon
PolicySetting
Interactive logon: Don't display last signed-inDisabled
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy versionNot Configured
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Settings Page VisibilityDisabled
Network/DNS Client
PolicySettingComment
Register PTR recordsEnabled
Register PTR records:Register
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Allow ICMP exceptionsEnabled
Allow outbound destination unreachableEnabled
Allow outbound source quenchEnabled
Allow redirectEnabled
Allow inbound echo requestEnabled
Allow inbound router requestEnabled
Allow outbound time exceededEnabled
Allow outbound parameter problemEnabled
Allow inbound timestamp requestEnabled
Allow inbound mask requestEnabled
Allow outbound packet too bigEnabled
PolicySettingComment
Windows Defender Firewall: Allow inbound file and printer sharing exceptionEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound UPnP framework exceptionsEnabled
Allow unsolicited incoming messages from these IP addresses:10.238.81.0/24
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow local port exceptionsEnabled
Windows Defender Firewall: Allow local program exceptionsEnabled
Windows Defender Firewall: Define inbound port exceptionsEnabled
Define port exceptions:
*:*:10.238.81.0/24:enabled:ITAccess
*:*:172.16.1.0/24:enabled:ServerAccess
*:*:10.238.85.0/24:enabled:ServersAccess
*:*:10.240.86.0/24:enabled:Servers3Access
Specify the port to open or block.
Syntax:
<Port>:<Transport>:<Scope>:<Status>:<Name>
<Port> is a decimal port number
<Transport> is either "TCP" or "UDP"
<Scope> is either "*" (for all networks) or
a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
<Status> is either "enabled" or "disabled"
<Name> is a text string
Example:
The following definition string adds TCP port 80
to the port exceptions list and allows it to
receive messages from 10.0.0.1, 10.0.0.2, or any
system on the 10.3.4.x subnet:
80:TCP:10.0.0.1,10.0.0.2,10.3.4.0/24:enabled:Web service
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
System/Power Management
PolicySettingComment
Select an active power planDisabled
System/Power Management/Button Settings
PolicySettingComment
Select the lid switch action (on battery)Disabled
Select the lid switch action (plugged in)Disabled
Select the Power button action (on battery)Disabled
Select the Power button action (plugged in)Disabled
Select the Sleep button action (on battery)Disabled
Select the Sleep button action (plugged in)Disabled
Select the Start menu Power button action (on battery)Disabled
Select the Start menu Power button action (plugged in)Disabled
System/Power Management/Power Throttling Settings
PolicySettingComment
Turn off Power ThrottlingDisabled
System/Power Management/Sleep Settings
PolicySettingComment
Allow standby states (S1-S3) when sleeping (on battery)Enabled
Allow standby states (S1-S3) when sleeping (plugged in)Enabled
Specify the system hibernate timeout (on battery)Disabled
Specify the system hibernate timeout (plugged in)Disabled
Specify the system sleep timeout (on battery)Disabled
Specify the system sleep timeout (plugged in)Disabled
Specify the unattended sleep timeout (on battery)Disabled
Specify the unattended sleep timeout (plugged in)Disabled
Turn off hybrid sleep (on battery)Disabled
Turn off hybrid sleep (plugged in)Disabled
Turn on the ability for applications to prevent sleep transitions (on battery)Disabled
Turn on the ability for applications to prevent sleep transitions (plugged in)Disabled
System/Power Management/Video and Display Settings
PolicySettingComment
Turn off the display (on battery)Disabled
Turn off the display (plugged in)Disabled
Windows Components/Add features to Windows 10
PolicySettingComment
Prevent the wizard from running.Disabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access account informationEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access an eye tracker deviceEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access call historyEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access contactsEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access diagnostic information about other appsEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access emailEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access locationEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access messagingEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access motionEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access notificationsEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access TasksEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the calendarEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the cameraEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the microphoneEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access trusted devicesEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps communicate with unpaired devicesEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps control radiosEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps make phone callsEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps run in the backgroundEnabled
Default for all apps:User is in control
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/App runtime
PolicySettingComment
Block launching desktop apps associated with a file.Disabled
Block launching desktop apps associated with a URI schemeDisabled
Block launching Universal Windows apps with Windows Runtime API access from hosted content.Disabled
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsDisabled
Turn off Microsoft consumer experiencesDisabled
Windows Components/Desktop Gadgets
PolicySettingComment
Turn off desktop gadgetsDisabled
Turn Off user-installed desktop gadgetsDisabled
Windows Components/File Explorer
PolicySettingComment
Show hibernate in the power options menuEnabled
Show sleep in the power options menuEnabled
Windows Components/Internet Explorer
PolicySettingComment
Prevent changing proxy settingsDisabled
Windows Components/Microsoft Edge
PolicySettingComment
Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closedEnabled
Configure pre-launchPrevent pre-launching
PolicySettingComment
Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closedEnabled
Configure tab preloadingPrevent tab preloading
Windows Components/Windows Ink Workspace
PolicySettingComment
Allow Windows Ink WorkspaceEnabled
Choose one of the following actionsOn
Windows Components/Windows Media Center
PolicySettingComment
Do not allow Windows Media Center to runDisabled
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
PolicySettingComment
Enable client-side targetingEnabled
Target group name for this computerIT
Preferences
Windows Settings
Registry
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/MTCUVC
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: EnableMtcUvc
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\MTCUVC
Value nameEnableMtcUvc
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory Management
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverride
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x48 (72)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverrideMask
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverrideMask
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: LANDESK Agent Health Bootstrap Task)
LANDESK Agent Health Bootstrap Task (Order: 1)
General
ActionDelete
Task
Name LANDESK Agent Health Bootstrap Task
Author EMEA\tentolouris.5-adm
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges LeastPrivilege
Hidden No
Configure for 1.2
Enabled Yes
Actions
1. Start a program
Program/script "C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe"
Arguments 14400 "vulscan.exe /scan=3 /autofix=true"
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.