Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
GR-PO-WIN-Global Servers Settings
Data collected on: 2-9-2025 08:59:46
General
Details
Domainemea.tpg.ads
OwnerEMEA\tsitsiklis.5
Created5-10-2016 10:52:36
Modified24-11-2023 08:33:24
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions176 (AD), 176 (SYSVOL)
Unique ID{eeab43af-d1fc-4212-b2f2-c6b0c12011d4}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/GR/Systems/Servers
CHQYesEnabledemea.tpg.ads/GR/Systems/Servers/CHQ
KALYesEnabledemea.tpg.ads/GR/Systems/Servers/KAL
MKTYesEnabledemea.tpg.ads/GR/Systems/Servers/MKT
PIRYesEnabledemea.tpg.ads/GR/Systems/Servers/PIR
TAVYesEnabledemea.tpg.ads/GR/Systems/Servers/TAV

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\GR-G-ORG-OU AdminsEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Back up files and directoriesBUILTIN\Administrators, BUILTIN\Backup Operators, EMEA\GR-G-ORG-OU Admins, EMEA\GR-L-SEC-Service Accounts as Local Admins
Create a token objectEMEA\GR-L-SEC-Service Accounts as Local Admins
Debug programsBUILTIN\Administrators, EMEA\GR-G-ORG-OU Admins
Log on as a batch jobBUILTIN\Performance Log Users, Logon As Batch, EMEA\GR-L-SEC-Service Accounts as Local Admins, EMEA\GR-L-SEC-Access to Log on as a batch job, BUILTIN\Backup Operators, BUILTIN\Administrators
Log on as a serviceEMEA\GR-L-SEC-Service Accounts as Local Admins, Logon as a Service, NT AUTHORITY\NETWORK SERVICE, NT SERVICE\ALL SERVICES
Manage auditing and security logBUILTIN\Administrators, EMEA\GR-G-ORG-OU Admins, EMEA\GR-L-SEC-Service Accounts as Local Admins
Perform volume maintenance tasksEMEA\GR-L-SEC-Service Accounts as Local Admins, BUILTIN\Administrators
Restore files and directoriesBUILTIN\Administrators, BUILTIN\Backup Operators, EMEA\GR-G-ORG-OU Admins, EMEA\GR-L-SEC-Service Accounts as Local Admins
Take ownership of files or other objectsBUILTIN\Administrators, EMEA\GR-L-SEC-Service Accounts as Local Admins
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Accounts: Rename administrator account"yannis"
Accounts: Rename guest account"habos"
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Domain Member
PolicySetting
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Disable machine account password changesDisabled
Domain member: Require strong (Windows 2000 or later) session keyEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Number of previous logons to cache (in case domain controller is not available)0 logons
Interactive logon: Require Domain Controller authentication to unlock workstationEnabled
Network Access
PolicySetting
Network access: Do not allow anonymous enumeration of SAM accountsEnabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network Security
PolicySetting
Network security: LDAP client signing requirementsRequire signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) serversEnabled
Require NTLMv2 session securityEnabled
Require 128-bit encryptionEnabled
System Cryptography
PolicySetting
System cryptography: Force strong key protection for user keys stored on the computerUser is prompted when the key is first used
Restricted Groups
GroupMembersMember of
EMEA\GR-G-ORG-IT-Systems-ADMBUILTIN\Administrators
EMEA\GR-L-SEC-Service Accounts as Local AdminsBUILTIN\Administrators
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/AutoPlay Policies
PolicySettingComment
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Microsoft Defender Antivirus
PolicySettingComment
Allow antimalware service to remain running alwaysDisabled
Turn off Microsoft Defender AntivirusEnabled
Turn off routine remediationEnabled
Windows Components/Microsoft Defender Antivirus/Real-time Protection
PolicySettingComment
Monitor file and program activity on your computerDisabled
Turn off real-time protectionEnabled
Turn on behavior monitoringDisabled
Turn on process scanning whenever real-time protection is enabledDisabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require secure RPC communicationEnabled
Require use of specific security layer for remote (RDP) connectionsEnabled
Security LayerSSL
Choose the security layer from the drop-down list.
PolicySettingComment
Require user authentication for remote connections by using Network Level AuthenticationEnabled
Server authentication certificate templateEnabled
Certificate Template NameTPEMEA-RDPAE2years
PolicySettingComment
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
Preferences
Windows Settings
Registry
EnableLUA (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value nameEnableLUA
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
FeatureSettingsOverride (Order: 2)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x48 (72)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Enabled (Order: 3)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider
Value nameEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
restrictanonymous (Order: 4)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Lsa
Value namerestrictanonymous
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
FeatureSettingsOverrideMask (Order: 5)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverrideMask
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Local Users and Groups
Group (Name: Administrators (built-in))
Administrators (built-in) (Order: 1)
Local Group
ActionUpdate
Properties
Group nameAdministrators (built-in)
Delete all member usersDisabled
Delete all member groupsDisabled
Add members
EMEA\emeanessus.1S-1-5-21-513466819-3096973226-347852806-32532
Remove members
EMEA\Domain AdminsS-1-5-21-513466819-3096973226-347852806-512
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: SEP Uninstall)
SEP Uninstall (Order: 1)
General
ActionDelete
Task
Name SEP Uninstall
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass \\kalfs1.tphellas.legacy\netconfigfiles\GlobalSettings\Setups\SEP\UninstallSEP.ps1
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.