| GR-PO-WIN-C-Microsoft CPR PC Settings | |
| Data collected on: 2-9-2025 12:18:52 | |
| Domain | emea.tpg.ads |
| Owner | EMEA\tentolouris.5-adm |
| Created | 5-9-2024 10:15:36 |
| Modified | 15-4-2025 11:48:18 |
| User Revisions | 1 (AD), 1 (SYSVOL) |
| Computer Revisions | 30 (AD), 30 (SYSVOL) |
| Unique ID | {674d0568-9cfc-4082-8d5c-c9a319d35395} |
| GPO Status | Enabled |
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| Clients | Yes | Enabled | emea.tpg.ads/GR/Systems/Clients |
| Name |
|---|
| EMEA\GR-L-SEC-Systems Clients MICROSOFT CPR Computers |
| Name | Allowed Permissions | Inherited |
|---|---|---|
| EMEA\Domain Admins | Edit settings, delete, modify security | No |
| EMEA\Domain Computers | Read | No |
| EMEA\GR-G-ORG-OU Admins | Edit settings, delete, modify security | No |
| EMEA\GR-L-SEC-Systems Clients MICROSOFT CPR Computers | Read (from Security Filtering) | No |
| EMEA\tentolouris.5-adm | Edit settings, delete, modify security | No |
| NT AUTHORITY\Authenticated Users | Read | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
| ROOT\Enterprise Admins | Edit settings, delete, modify security | No |
| Name | Parameters |
|---|---|
| \\grkalfs01\netconfigfiles\Microsoft\Setups\QuickAssist\copyquickassist.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\Setups\DeleteOneDrive.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\Setups\MSWIN101607\OneDriveRemove.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\Setups\spellcheck\Microsoft_spellcheck.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\MSBackground\CopyDesktop.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\Hosts_file\CopyHostFile_MS_ASD.bat | |
| \\grkalfs01\netconfigfiles\Microsoft\Setups\MSWIN101607\UninstallWin10Apps.ps1 |
| Policy | Setting |
|---|---|
| Account lockout duration | 0 minutes |
| Account lockout threshold | 6 invalid logon attempts |
| Reset account lockout counter after | 15 minutes |
| Owner |
| Type | Name | Permission | Apply To |
|---|---|---|---|
| Allow | APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES | Read and Execute | This folder, subfolders and files |
| Allow | CREATOR OWNER | Full Control | Subfolders and files only |
| Allow | NT AUTHORITY\SYSTEM | Full Control | This folder, subfolders and files |
| Allow | BUILTIN\Administrators | Full Control | This folder, subfolders and files |
| Allow | BUILTIN\Users | Modify | This folder, subfolders and files |
| Allow inheritable permissions from the parent to propagate to this object and all child objects | Disabled |
| Issued To | Issued By | Expiration Date | Intended Purposes |
|---|---|---|---|
| WebTitan Cloud | WebTitan Cloud | 4-6-2028 16:16:43 | <All> |
| Policy | Setting |
|---|---|
| Enforce rules of this type | True |
| Action | User | Name | Rule Type | Exceptions |
|---|---|---|---|---|
| Allow | Everyone | Microsoft.Windows.ShellExperienceHost, from Microsoft Corporation | Publisher | No |
| Allow | Everyone | MicrosoftWindows.Client.CBS, from Microsoft Windows | Publisher | No |
| Allow | Everyone | Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation | Publisher | No |
| Allow | Everyone | MicrosoftWindows.Client.WebExperience, from Microsoft Windows | Publisher | No |
| Allow | Everyone | Microsoft.TranslatorforMicrosoftEdge, from Microsoft Corporation | Publisher | No |
| Allow | Everyone | Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation | Publisher | No |
| Allow | Everyone | Microsoft.BioEnrollment, from Microsoft Corporation | Publisher | No |
| Allow | Everyone | Microsoft.Windows.StartMenuExperienceHost, from ms-resource:StartMenuExperienceHost/PublisherDisplayName | Publisher | No |
| Allow | Everyone | MicrosoftWindows.Client.CBS, from Microsoft Windows | Publisher | No |
| Allow | Everyone | Microsoft.BioEnrollment, from Microsoft Corporation | Publisher | No |
| Policy | Setting |
|---|---|
| Enforce rules of this type | False |
| Action | User | Name | Rule Type | Exceptions |
|---|---|---|---|---|
| Deny | EMEA\GR-G-ORG-USERS Microsoft ALL T1 Agents | MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US | Publisher | No |
| Deny | EMEA\GR-G-ORG-USERS Microsoft ALL T1 Agents | %PROGRAMFILES%\Microsoft Office\* | Path | No |
| Allow | Everyone | (Default Rule) All files located in the Program Files folder | Path | No |
| Allow | Everyone | (Default Rule) All files located in the Windows folder | Path | No |
| Allow | BUILTIN\Administrators | (Default Rule) All files | Path | No |
| Policy | Setting |
|---|---|
| Enforce rules of this type | False |
| Policy | Setting |
|---|---|
| Enforce rules of this type | False |
| Policy | Setting | Comment | ||
|---|---|---|---|---|
| Settings Page Visibility | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
|---|---|---|---|---|
| Delete cached copies of roaming profiles | Enabled | |||
| Delete user profiles older than a specified number of days on system restart | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
| Do not log users on with temporary profiles | Enabled | |||
| Policy | Setting | Comment |
|---|---|---|
| Allow all trusted apps to install | Enabled | |
| Allows development of Windows Store apps and installing them from an integrated development environment (IDE) | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Allow Extensions | Enabled |
| Policy | Setting | Comment | ||
|---|---|---|---|---|
| Enable client-side targeting | Enabled | |||
| ||||
| Action | Update |
| Source file(s) | \\grkalfs01\netconfigfiles\Microsoft\MSBackground\MSCopilotProTeamsBackground.jpg |
| Destination file | C:\ProgramData\TPBackground\MSCopilotProTeamsBackground.jpg |
| Suppress errors on individual file actions | Disabled |
| Read-only | Disabled |
| Hidden | Disabled |
| Archive | Enabled |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Group name | Users (built-in) |
| Delete all member users | Disabled |
| Delete all member groups | Enabled |
| EMEA\GR-G-ORG-Remote Admin Users | S-1-5-21-513466819-3096973226-347852806-613115 |
| EMEA\GR-G-ORG-USERS MICROSOFT CPR AGENTS | S-1-5-21-513466819-3096973226-347852806-1687701 |
| EMEA\GR-G-ORG-USERS Microsoft SLAM Access | S-1-5-21-513466819-3096973226-347852806-722924 |
| tpadmin |
| EMEA\uwmtask.2 | S-1-5-21-513466819-3096973226-347852806-813771 |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Group name | Administrators (built-in) |
| Delete all member users | Disabled |
| Delete all member groups | Enabled |
| EMEA\GR-G-ORG-Remote Admin Users | S-1-5-21-513466819-3096973226-347852806-613115 |
| EMEA\uwmtask.2 | S-1-5-21-513466819-3096973226-347852806-813771 |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Name | InstallVisioVWR | |||
| Author | EMEA\tentolouris.5 | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | Yes | |||
| Configure for | 1.3 | |||
| Enabled | Yes |
| 1. At task creation/modification | ||||
| Activate | 16-6-2020 12:44:32 | Synchronize across time zones | No | |
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | \\kalfs1.tphellas.legacy\netconfigfiles\Microsoft\Setups\visiovwrinstall.bat |
| Stop if the computer ceases to be idle | Yes | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | Yes | |||
| Allow task to be run on demand | Yes | |||
| Stop task if it runs longer than | 8 hours | |||
| If the running task does not end when requested, force it to stop | Yes | |||
| If the task is already running, then the following rule applies | StopExisting |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | Yes |
| Action | Create |
| Name | Perform Updates | |||
| Author | EMEA\tentolouris.5 | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | Yes | |||
| Configure for | 1.3 | |||
| Enabled | Yes |
| 1. At startup | ||||
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | \\grkalfs01\netconfigfiles\GlobalSettings\WindowsUpdate-Forced\caller.bat |
| Stop if the computer ceases to be idle | Yes | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | Yes | |||
| Allow task to be run on demand | Yes | |||
| Stop task if it runs longer than | 8 hours | |||
| If the running task does not end when requested, force it to stop | Yes | |||
| If the task is already running, then the following rule applies | StopExisting |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Name | Uninstall PAPopup | |||
| Author | EMEA\tentolouris.5 | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | Yes | |||
| Configure for | 1.3 | |||
| Enabled | Yes |
| 1. One time | ||||
| Activate | 22-3-2021 12:45:22 | Synchronize across time zones | No | |
| Expire | 31-3-2021 10:45:18 | Synchronize across time zones | No | |
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | MsiExec.exe | |||
| Arguments | /QN /NORESTART /X{942FF230-40D4-4105-951C-3612BA1DB948} |
| Stop if the computer ceases to be idle | Yes | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | Yes | |||
| Allow task to be run on demand | Yes | |||
| Run task as soon as possible after a scheduled start is missed | Yes | |||
| Stop task if it runs longer than | 8 hours | |||
| If the running task does not end when requested, force it to stop | Yes | |||
| If the task is already running, then the following rule applies | StopExisting |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Name | Host_File_Copyv2 | |||
| Author | EMEA\tentolouris.5 | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | No | |||
| Configure for | 1.3 | |||
| Enabled | Yes |
| 1. Run at user logon | ||||
| Delay task for | 30 seconds | |||
| Repeat task every 5 minutes for a duration of 1 hour | ||||
| Stop all running tasks at end of repetition duration | No | |||
| Activate | 6-4-2020 14:33:02 | Synchronize across time zones | No | |
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | \\grkalfs01\netconfigfiles\Microsoft\Hosts_file\CopyHostFile_MS_ASD.bat |
| Stop if the computer ceases to be idle | Yes | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | Yes | |||
| Allow task to be run on demand | Yes | |||
| Stop task if it runs longer than | 3 days | |||
| If the running task does not end when requested, force it to stop | Yes | |||
| If the task is already running, then the following rule applies | IgnoreNew |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Name | Uninstall LMI | |||
| Author | EMEA\tentolouris.5-adm | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | No | |||
| Configure for | 1.2 | |||
| Enabled | Yes |
| 1. One time | ||||
| Delay task for up to (random delay) | 1 day | |||
| Activate | 17-11-2021 13:35:29 | Synchronize across time zones | No | |
| Expire | 2-1-2022 13:38:46 | Synchronize across time zones | No | |
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | C:\Windows\System32\msiexec.exe | |||
| Arguments | /QN /NORESTART /X{5BC2AFD7-1C94-4FC6-8B0A-5B9D6C1E983D} | |||
| 2. Start a program | ||||
| Program/script | C:\Windows\System32\msiexec.exe | |||
| Arguments | /QN /NORESTART /X{430B9AB3-4071-45B9-9372-57BA3454BC53} | |||
| 3. Start a program | ||||
| Program/script | C:\Windows\System32\msiexec.exe | |||
| Arguments | /QN /NORESTART /X{2897AFD7-567D-437A-ACD4-981ED76BC95B} | |||
| 4. Start a program | ||||
| Program/script | C:\Windows\System32\msiexec.exe | |||
| Arguments | /QN /NORESTART /X{A2AF44DC-528E-4A70-A3D6-8C4C4AEDDB7C} |
| Stop if the computer ceases to be idle | No | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | No | |||
| Allow task to be run on demand | Yes | |||
| Run task as soon as possible after a scheduled start is missed | Yes | |||
| Stop task if it runs longer than | Immediately | |||
| If the running task does not end when requested, force it to stop | No | |||
| If the task is not scheduled to run again, delete it after | 30 days | |||
| If the task is already running, then the following rule applies | IgnoreNew |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Name | Office StartUP update | |||
| Author | EMEA\tentolouris.5-adm | |||
| Description | ||||
| Run only when user is logged on | ||||
| GroupId | NT AUTHORITY\SYSTEM | |||
| Run with highest privileges | HighestAvailable | |||
| Hidden | No | |||
| Configure for | 1.2 | |||
| Enabled | Yes |
| 1. At startup | ||||
| Enabled | Yes | |||
| 1. Start a program | ||||
| Program/script | C:\Windows\System32\cmd.exe | |||
| Arguments | /c if exist "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" ( "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user displaylevel=false forceappshutdown=true ) |
| Stop if the computer ceases to be idle | No | |||
| Restart if the idle state resumes | No | |||
| Start the task only if the computer is on AC power | No | |||
| Stop if the computer switches to battery power | No | |||
| Allow task to be run on demand | No | |||
| Stop task if it runs longer than | Immediately | |||
| If the running task does not end when requested, force it to stop | No | |||
| If the task is already running, then the following rule applies | IgnoreNew |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |