Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-WIN-C-Servers Extra Hardening
Data collected on: 2-9-2025 09:56:02
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5-adm
Created13-4-2021 15:31:12
Modified9-2-2023 15:01:44
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions203 (AD), 203 (SYSVOL)
Unique ID{002c444c-6649-494c-8013-e4e65840e0f3}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ServersYesEnabledemea.tpg.ads/GR/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\GR-L-SEC-Servers Extra Hardening
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\GR-L-SEC-Servers Extra HardeningRead (from Security Filtering)No
EMEA\tentolouris.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration60 minutes
Account lockout threshold6 invalid logon attempts
Reset account lockout counter after30 minutes
Local Policies/Audit Policy
PolicySetting
Audit object accessSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkNT AUTHORITY\Authenticated Users, BUILTIN\Administrators
Allow log on locallyBUILTIN\Administrators
Allow log on through Terminal ServicesBUILTIN\Administrators, BUILTIN\Remote Desktop Users
Change the system timeBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE
Create a pagefileBUILTIN\Administrators
Deny access to this computer from the networkBUILTIN\Guests, NT AUTHORITY\ANONYMOUS LOGON
Force shutdown from a remote systemBUILTIN\Administrators
Increase scheduling priorityBUILTIN\Administrators
Load and unload device driversBUILTIN\Administrators
Lock pages in memory
Manage auditing and security logBUILTIN\Administrators
Modify firmware environment valuesBUILTIN\Administrators
Perform volume maintenance tasksBUILTIN\Administrators
Profile single processBUILTIN\Administrators
Remove computer from docking stationBUILTIN\Administrators
Restore files and directoriesBUILTIN\Administrators
Shut down the systemBUILTIN\Administrators
Take ownership of files or other objectsBUILTIN\Administrators
Local Policies/Security Options
Domain Controller
PolicySetting
Domain controller: LDAP server signing requirementsRequire signing
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/AutoPlay Policies
PolicySettingComment
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
Preferences
Control Panel Settings
Local Users and Groups
Group (Name: Administrators (built-in))
Administrators (built-in) (Order: 1)
Local Group
ActionUpdate
Properties
Group nameAdministrators (built-in)
Delete all member usersDisabled
Delete all member groupsDisabled
Remove members
EMEA\Domain AdminsS-1-5-21-513466819-3096973226-347852806-512
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Increase Schedulling priority)
Increase Schedulling priority (Order: 2)
Local Group
ActionCreate
Properties
Group nameIncrease Schedulling priority
DescriptionIncrease Schedulling priority
Delete all member usersDisabled
Delete all member groupsDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Logon as a Service)
Logon as a Service (Order: 3)
Local Group
ActionCreate
Properties
Group nameLogon as a Service
DescriptionLogon as a Service
Delete all member usersDisabled
Delete all member groupsDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Logon As Batch)
Logon As Batch (Order: 4)
Local Group
ActionCreate
Properties
Group nameLogon As Batch
DescriptionLogon As Batch
Delete all member usersDisabled
Delete all member groupsDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Manage Auditing and Security Log)
Manage Auditing and Security Log (Order: 5)
Local Group
ActionCreate
Properties
Group nameManage Auditing and Security Log
DescriptionManage Auditing and Security Log
Delete all member usersDisabled
Delete all member groupsDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Perform Volume Maintenance Tasks)
Perform Volume Maintenance Tasks (Order: 6)
Local Group
ActionCreate
Properties
Group namePerform Volume Maintenance Tasks
DescriptionPerform Volume Maintenance Tasks
Delete all member usersDisabled
Delete all member groupsDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.