Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
KE-PO-WIN-C-Clients Global Settings New
Data collected on: 2-9-2025 13:10:39
General
Details
Domainemea.tpg.ads
OwnerEMEA\Domain Admins
Created2-7-2025 08:31:40
Modified19-8-2025 13:59:14
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions27 (AD), 27 (SYSVOL)
Unique ID{75142ecd-ed1a-49e2-866f-e46bdf35abff}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/KE/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\KE-L-SEC-Clients Global Settings GPO
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\KE-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\KE-L-SEC-Clients Global Settings GPORead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Account Policies/Password Policy
PolicySetting
Enforce password history24 passwords remembered
Maximum password age60 days
Minimum password age1 days
Minimum password length12 characters
Password must meet complexity requirementsEnabled
Store passwords using reversible encryptionDisabled
Account Policies/Account Lockout Policy
PolicySetting
Account lockout duration60 minutes
Account lockout threshold6 invalid logon attempts
Reset account lockout counter after60 minutes
Account Policies/Kerberos Policy
PolicySetting
Enforce user logon restrictionsEnabled
Maximum lifetime for service ticket600 minutes
Maximum lifetime for user ticket10 hours
Maximum lifetime for user ticket renewal7 days
Maximum tolerance for computer clock synchronization99999 minutes
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Back up files and directoriesBUILTIN\Administrators, EMEA\KE-G-ORG-OU Admins
Debug programsBUILTIN\Administrators, EMEA\KE-G-ORG-OU Admins
Deny log on locallyEMEA\KE-G-ORG-Users NO Login to Windows
Deny log on through Terminal ServicesEMEA\KE-G-ORG-Users NO Login to Windows
Manage auditing and security logBUILTIN\Administrators, EMEA\KE-G-ORG-OU Admins
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Administrator account statusDisabled
Accounts: Guest account statusDisabled
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Accounts: Rename administrator account"tpadminlc"
Accounts: Rename guest account"habos"
Audit
PolicySetting
Audit: Audit the access of global system objectsDisabled
Audit: Audit the use of Backup and Restore privilegeDisabled
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Devices: Restrict CD-ROM access to locally logged-on user onlyEnabled
Devices: Restrict floppy access to locally logged-on user onlyEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Message text for users attempting to log onThis computer system (including all hardware, software, and peripheral equipment) is, the property of Teleperformance. Use of this computer system is restricted to official, Teleperformance business. Teleperformance reserves the right to monitor use of the, computer system at any time. Use of this system constitutes consent to such monitoring., Any unauthorized access, use, or modification of the computer system can result in civil, liability and/or criminal penalties.
Interactive logon: Message title for users attempting to log on"---------------Teleperformance Kenya---------------"
Interactive logon: Prompt user to change password before expiration14 days
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Recovery Console
PolicySetting
Recovery console: Allow automatic administrative logonDisabled
Recovery console: Allow floppy copy and access to all drives and all foldersDisabled
Shutdown
PolicySetting
Shutdown: Allow system to be shut down without having to log onDisabled
Shutdown: Clear virtual memory pagefileEnabled
Other
PolicySetting
Accounts: Block Microsoft accountsUsers can't add or log on with Microsoft accounts
Event Log
PolicySetting
Prevent local guests group from accessing application logEnabled
Prevent local guests group from accessing security logEnabled
Prevent local guests group from accessing system logEnabled
Retain security log90 days
Retain system log90 days
Retention method for application logAs needed
Retention method for security logBy days
Retention method for system logBy days
System Services
BITS (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Cryptographic Services (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Installer (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Update (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%AllUsersProfile%\TPBackground
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%ProgramFiles%\WindowsApps
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\KE-L-SEC-Restricted Windows AppsFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\INF\usbstor.inf
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\Domain UsersFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\INF\usbstor.PNF
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\Domain UsersFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
DenyEMEA\KE-L-SEC-Restricted Start menu and TaskbarFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Public Key Policies/Certificate Services Client - Auto-Enrollment Settings
PolicySetting
Automatic certificate managementEnabled
OptionSetting
Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificatesEnabled
Update and manage certificates that use certificate templates from Active DirectoryEnabled
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
grathlnxca01grathlnxca0125-2-2043 14:31:45<All>
s800-TPGRDC03-CAs800-TPGRDC03-CA17-9-2025 09:47:28<All>
Teleperformance Root CATeleperformance Root CA25-4-2036 18:58:15<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Intermediate Certification Authority Certificates
Issued ToIssued ByExpiration DateIntended Purposes
TP EMEA Enterprise CATeleperformance Root CA26-4-2026 17:09:38<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy versionNot Configured
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Advanced Audit Configuration
Account Logon
PolicySetting
Audit Credential ValidationSuccess, Failure
Audit Kerberos Authentication ServiceSuccess, Failure
Audit Kerberos Service Ticket OperationsSuccess, Failure
Audit Other Account Logon EventsSuccess, Failure
Account Management
PolicySetting
Audit Application Group ManagementSuccess, Failure
Audit Computer Account ManagementSuccess, Failure
Audit Distribution Group ManagementSuccess, Failure
Audit Other Account Management EventsSuccess, Failure
Audit Security Group ManagementSuccess, Failure
Audit User Account ManagementSuccess, Failure
Detailed Tracking
PolicySetting
Audit DPAPI ActivitySuccess, Failure
Audit Process CreationSuccess, Failure
Audit Process TerminationSuccess, Failure
Audit RPC EventsSuccess, Failure
DS Access
PolicySetting
Audit Detailed Directory Service ReplicationSuccess, Failure
Audit Directory Service AccessSuccess, Failure
Audit Directory Service ChangesSuccess, Failure
Audit Directory Service ReplicationSuccess, Failure
Logon/Logoff
PolicySetting
Audit Account LockoutSuccess, Failure
Audit User / Device ClaimsSuccess, Failure
Audit Group MembershipSuccess, Failure
Audit IPsec Extended ModeSuccess, Failure
Audit IPsec Main ModeSuccess, Failure
Audit IPsec Quick ModeSuccess, Failure
Audit LogoffSuccess, Failure
Audit LogonSuccess, Failure
Audit Network Policy ServerSuccess, Failure
Audit Other Logon/Logoff EventsSuccess, Failure
Audit Special LogonSuccess, Failure
Policy Change
PolicySetting
Audit Audit Policy ChangeSuccess, Failure
Audit Authentication Policy ChangeSuccess, Failure
Audit Authorization Policy ChangeSuccess, Failure
Audit Filtering Platform Policy ChangeSuccess, Failure
Audit MPSSVC Rule-Level Policy ChangeSuccess, Failure
Audit Other Policy Change EventsSuccess, Failure
Privilege Use
PolicySetting
Audit Non Sensitive Privilege UseSuccess, Failure
Audit Other Privilege Use EventsSuccess, Failure
Audit Sensitive Privilege UseSuccess, Failure
System
PolicySetting
Audit IPsec DriverSuccess, Failure
Audit Other System EventsSuccess, Failure
Audit Security State ChangeSuccess, Failure
Audit Security System ExtensionSuccess, Failure
Audit System IntegritySuccess, Failure
Application Control Policies
Appx Rules
PolicySetting
Enforce rules of this typeFalse

No rules of type 'Appx Rules' are defined.
Dll Rules
No rules of type 'Dll Rules' are defined.
Executable Rules
PolicySetting
Enforce rules of this typeFalse

No rules of type 'Executable Rules' are defined.
Windows Installer Rules
PolicySetting
Enforce rules of this typeFalse

No rules of type 'Windows Installer Rules' are defined.
Script Rules
PolicySetting
Enforce rules of this typeFalse

No rules of type 'Script Rules' are defined.
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Personalization
PolicySettingComment
Force a specific default lock screen and logon imageEnabled
Path to lock screen image:C:\ProgramData\TPBackground\StatementofDirection.jpg
Example: Using a local path: C:\windows\web\screen\lockscreen.jpg
Example: Using a UNC path: \\Server\Share\Corp.jpg
Turn off fun facts, tips, tricks, and more on lock screenEnabled
PolicySettingComment
Prevent changing lock screen and logon imageEnabled
Prevent changing start menu backgroundEnabled
Prevent enabling lock screen cameraEnabled
Prevent enabling lock screen slide showEnabled
Google/Google Chrome
PolicySettingComment
Allow QUIC protocolDisabled
Microsoft Edge
PolicySettingComment
Allow QUIC protocolDisabled
Network/DNS Client
PolicySettingComment
DNS suffix search listEnabled
DNS Suffixes:emea.tpg.ads,s800.local,teleperformance.gr
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
Network/Network Provider
PolicySettingComment
Hardened UNC PathsEnabled
Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resource. To secure all access to a share with a particular name, regardless of the server name, specify a server name of '*' (asterisk). For example, "\\*\NETLOGON". To secure all access to all shares hosted on a server, the share name portion of the UNC path may be omitted. For example, "\\SERVER". In the value field, specify one or more of the following options, separated by commas: 'RequireMutualAuthentication=1': Mutual authentication between the client and server is required to ensure the client connects to the correct server. 'RequireIntegrity=1': Communication between the client and server must employ an integrity mechanism to prevent data tampering. 'RequirePrivacy=1': Communication between the client and the server must be encrypted to prevent third parties from observing sensitive data.
Hardened UNC Paths: 
\\*\C$RequireMutualAuthentication=1
You should require both Integrity and Mutual Authentication for any UNC paths that host executable programs, script files, or files that control security policies. Consider hosting files that do not require Integrity or Privacy on separate shares from those that absolutely need such security for optimal performance. For additional details on configuring Windows computers to require additional security when accessing specific UNC paths, visit http://support.microsoft.com/kb/3000483.
Network/Offline Files
PolicySettingComment
Allow or Disallow use of the Offline Files featureEnabled
System
PolicySettingComment
Display highly detailed status messagesEnabled
System/Logon
PolicySettingComment
Always wait for the network at computer startup and logonEnabled
Do not display the Getting Started welcome screen at logonEnabled
Hide entry points for Fast User SwitchingEnabled
System/OS Policies
PolicySettingComment
Allow Clipboard synchronization across devicesDisabled
Allow publishing of User ActivitiesDisabled
Allow upload of User ActivitiesDisabled
Enables Activity FeedDisabled
System/Power Management/Button Settings
PolicySettingComment
Select the lid switch action (on battery)Enabled
Lid Switch ActionTake no action
PolicySettingComment
Select the lid switch action (plugged in)Enabled
Lid Switch ActionTake no action
PolicySettingComment
Select the Power button action (on battery)Enabled
Power Button ActionShut down
PolicySettingComment
Select the Power button action (plugged in)Enabled
Power Button ActionShut down
PolicySettingComment
Select the Sleep button action (on battery)Enabled
Sleep Button ActionShut down
PolicySettingComment
Select the Sleep button action (plugged in)Enabled
Sleep Button ActionShut down
PolicySettingComment
Select the Start menu Power button action (on battery)Enabled
User Interface Sleep Button ActionShut down
PolicySettingComment
Select the Start menu Power button action (plugged in)Enabled
User Interface Sleep Button ActionShut down
System/Power Management/Hard Disk Settings
PolicySettingComment
Turn Off the hard disk (on battery)Enabled
Turn Off the Hard Disk (seconds):4294967295
PolicySettingComment
Turn Off the hard disk (plugged in)Enabled
Turn Off the Hard Disk (seconds):4294967295
System/Power Management/Sleep Settings
PolicySettingComment
Allow applications to prevent automatic sleep (on battery)Enabled
Allow applications to prevent automatic sleep (plugged in)Enabled
Allow automatic sleep with Open Network Files (on battery)Disabled
Allow automatic sleep with Open Network Files (plugged in)Disabled
Allow network connectivity during connected-standby (on battery)Enabled
Allow network connectivity during connected-standby (plugged in)Enabled
Allow standby states (S1-S3) when sleeping (on battery)Disabled
Allow standby states (S1-S3) when sleeping (plugged in)Disabled
Require a password when a computer wakes (on battery)Enabled
Require a password when a computer wakes (plugged in)Enabled
Specify the system hibernate timeout (on battery)Enabled
System Hibernate Timeout (seconds):4294967295
PolicySettingComment
Specify the system hibernate timeout (plugged in)Enabled
System Hibernate Timeout (seconds):4294967295
PolicySettingComment
Specify the system sleep timeout (on battery)Enabled
System Sleep Timeout (seconds):4294967295
PolicySettingComment
Specify the system sleep timeout (plugged in)Enabled
System Sleep Timeout (seconds):4294967295
PolicySettingComment
Specify the unattended sleep timeout (on battery)Enabled
Unattended Sleep Timeout (seconds):4294967295
PolicySettingComment
Specify the unattended sleep timeout (plugged in)Enabled
Unattended Sleep Timeout (seconds):4294967295
PolicySettingComment
Turn off hybrid sleep (on battery)Enabled
Turn off hybrid sleep (plugged in)Enabled
Turn on the ability for applications to prevent sleep transitions (on battery)Enabled
Turn on the ability for applications to prevent sleep transitions (plugged in)Enabled
System/Remote Assistance
PolicySettingComment
Configure Offer Remote AssistanceDisabled
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
All Removable Storage: Allow direct access in remote sessionsDisabled
Removable Disks: Deny execute accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
System/System Restore
PolicySettingComment
Turn off ConfigurationEnabled
Turn off System RestoreEnabled
VMware Horizon Client Configuration/Scripting definitions
PolicySettingComment
Connect all USB devices to the desktop or remote application on launchEnabled
Connect USB devices to the desktop or remote application when they are plugged inEnabled
Windows Components/Add features to Windows 10
PolicySettingComment
Prevent the wizard from running.Enabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access account informationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access call historyEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access contactsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access diagnostic information about other appsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access emailEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access locationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access messagingEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access motionEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the calendarEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access trusted devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps communicate with unpaired devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps control radiosEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps take screenshots of various windows or displaysEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps turn off the screenshot borderEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/App runtime
PolicySettingComment
Block launching desktop apps associated with a URI schemeEnabled
Block launching Universal Windows apps with Windows Runtime API access from hosted content.Enabled
Windows Components/AutoPlay Policies
PolicySettingComment
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsEnabled
Turn off cloud consumer account state contentEnabled
Turn off cloud optimized contentEnabled
Turn off Microsoft consumer experiencesEnabled
Windows Components/Delivery Optimization
PolicySettingComment
Download ModeEnabled
Download Mode:HTTP only (0)
Windows Components/Desktop Gadgets
PolicySettingComment
Restrict unpacking and installation of gadgets that are not digitally signed.Enabled
Turn off desktop gadgetsEnabled
Turn Off user-installed desktop gadgetsEnabled
Windows Components/Edge UI
PolicySettingComment
Disable help tipsEnabled
Windows Components/File Explorer
PolicySettingComment
Show hibernate in the power options menuDisabled
Show sleep in the power options menuDisabled
Windows Components/Game Explorer
PolicySettingComment
Turn off downloading of game informationEnabled
Turn off game updatesEnabled
Turn off tracking of last play time of games in the Games folderEnabled
Windows Components/HomeGroup
PolicySettingComment
Prevent the computer from joining a homegroupEnabled
Windows Components/Internet Explorer
PolicySettingComment
Prevent "Fix settings" functionalityEnabled
Prevent access to Internet Explorer HelpEnabled
Prevent changing proxy settingsEnabled
Prevent participation in the Customer Experience Improvement ProgramEnabled
Prevent running First Run wizardEnabled
Select your choiceGo directly to home page
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Turn off encryption supportEnabled
Secure Protocol combinationsUse TLS 1.0, TLS 1.1, and TLS 1.2
Windows Components/Internet Explorer/Internet Control Panel/Security Page
PolicySettingComment
Intranet Sites: Include all local (intranet) sites not listed in other zonesEnabled
Intranet Sites: Include all network paths (UNCs)Enabled
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
PolicySettingComment
Download signed ActiveX controlsEnabled
Download signed ActiveX controlsDisable
PolicySettingComment
Download unsigned ActiveX controlsEnabled
Download unsigned ActiveX controlsDisable
Windows Components/Microsoft Defender Antivirus
PolicySettingComment
Turn off Microsoft Defender AntivirusEnabled
Windows Components/Microsoft Defender Antivirus/Client Interface
PolicySettingComment
Enable headless UI modeEnabled
Windows Components/Microsoft Edge
PolicySettingComment
Prevent access to the about:flags page in Microsoft EdgeEnabled
Windows Components/OneDrive
PolicySettingComment
Prevent the usage of OneDrive for file storageEnabled
Save documents to OneDrive by defaultDisabled
Windows Components/Online Assistance
PolicySettingComment
Turn off Active HelpEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections
PolicySettingComment
Allow users to connect remotely by using Remote Desktop ServicesDisabled
Windows Components/RSS Feeds
PolicySettingComment
Prevent access to feed listEnabled
Prevent automatic discovery of feeds and Web SlicesEnabled
Prevent downloading of enclosuresEnabled
Prevent subscribing to or deleting a feed or a Web SliceEnabled
Turn off background synchronization for feeds and Web SlicesEnabled
Windows Components/Search
PolicySettingComment
Allow CortanaDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Don't search the web or display web results in Search over metered connectionsEnabled
Windows Components/Security Center
PolicySettingComment
Turn on Security Center (Domain PCs only)Disabled
Windows Components/Shutdown Options
PolicySettingComment
Timeout for hung logon sessions during shutdownEnabled
Hung session timeout in Minutes:10
Windows Components/Sound Recorder
PolicySettingComment
Do not allow Sound Recorder to runEnabled
Windows Components/Store
PolicySettingComment
Disable all apps from Microsoft Store Enabled
Turn off the Store applicationEnabled
Windows Components/Sync your settings
PolicySettingComment
Do not syncEnabled
Allow users to turn syncing on.Disabled
PolicySettingComment
Do not sync app settingsEnabled
Allow users to turn "app settings" syncing on.Disabled
PolicySettingComment
Do not sync AppsEnabled
Allow users to turn "AppSync" syncing on.Disabled
PolicySettingComment
Do not sync browser settingsEnabled
Allow users to turn "browser" syncing on.Disabled
PolicySettingComment
Do not sync desktop personalizationEnabled
Allow users to turn "desktop personalization" syncing on.Disabled
PolicySettingComment
Do not sync on metered connectionsEnabled
Do not sync other Windows settingsEnabled
Allow users to turn "other Windows settings" syncing on.Disabled
PolicySettingComment
Do not sync passwordsEnabled
Allow users to turn "passwords" syncing on.Disabled
PolicySettingComment
Do not sync personalizeEnabled
Allow users to turn "personalize" syncing on.Disabled
PolicySettingComment
Do not sync start settingsEnabled
Allow users to turn "start layout" syncing on.Disabled
Windows Components/Widgets
PolicySettingComment
Allow widgetsDisabled
Windows Components/Windows Error Reporting
PolicySettingComment
Automatically send memory dumps for OS-generated error reportsDisabled
Disable Windows Error ReportingEnabled
Do not send additional dataEnabled
Do not throttle additional dataEnabled
Prevent display of the user interface for critical errorsEnabled
Windows Components/Windows Game Recording and Broadcasting
PolicySettingComment
Enables or disables Windows Game Recording and BroadcastingDisabled
Windows Components/Windows Ink Workspace
PolicySettingComment
Allow Windows Ink WorkspaceEnabled
Choose one of the following actionsDisabled
Windows Components/Windows Mail
PolicySettingComment
Turn off Windows Mail applicationEnabled
Windows Components/Windows Media Center
PolicySettingComment
Do not allow Windows Media Center to runEnabled
Windows Components/Windows Media Digital Rights Management
PolicySettingComment
Prevent Windows Media DRM Internet AccessEnabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Windows Components/Windows Security/Account protection
PolicySettingComment
Hide the Account protection areaEnabled
Windows Components/Windows Security/App and browser protection
PolicySettingComment
Prevent users from modifying settingsEnabled
Windows Components/Windows Security/Device performance and health
PolicySettingComment
Hide the Device performance and health areaEnabled
Windows Components/Windows Security/Device security
PolicySettingComment
Disable the Clear TPM buttonEnabled
Hide the Device security areaEnabled
Hide the Secure boot areaEnabled
Hide the TPM Firmware Update recommendation.Enabled
Windows Components/Windows Security/Family options
PolicySettingComment
Hide the Family options areaEnabled
Windows Components/Windows Security/Firewall and network protection
PolicySettingComment
Hide the Firewall and network protection areaEnabled
Windows Components/Windows Security/Virus and threat protection
PolicySettingComment
Hide the Ransomware data recovery areaEnabled
Hide the Virus and threat protection areaEnabled
Windows Components/Windows SideShow
PolicySettingComment
Turn off Windows SideShowEnabled
Windows Components/Windows Update/Legacy Policies
PolicySettingComment
Allow Automatic Updates immediate installationEnabled
No auto-restart with logged on users for scheduled automatic updates installationsEnabled
Re-prompt for restart with scheduled installationsEnabled
Wait the following period before prompting again with a scheduled
restart (minutes): 60
PolicySettingComment
Reschedule Automatic Updates scheduled installationsEnabled
Wait after system
startup (minutes): 1
Windows Components/Windows Update/Manage end user experience
PolicySettingComment
Configure Automatic UpdatesEnabled
Configure automatic updating:4 - Auto download and schedule the install
The following settings are only required and applicable if 4 is selected.
Install during automatic maintenanceEnabled
Scheduled install day: 0 - Every day
Scheduled install time:01:00
If you have selected “4 – Auto download and schedule the install” for your scheduled install day and specified a schedule, you also have the option to limit updating to a weekly, bi-weekly or monthly occurrence, using the options below:
Every weekEnabled
First week of the monthDisabled
Second week of the monthDisabled
Third week of the monthDisabled
Fourth week of the monthDisabled
Install updates for other Microsoft productsEnabled
PolicySettingComment
Specify active hours range for auto-restartsEnabled
Specify the max active hours range:
Max range: 18
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
PolicySettingComment
Allow signed updates from an intranet Microsoft update service location Enabled
Automatic Updates detection frequencyEnabled
Check for updates at the following
interval (hours): 22
PolicySettingComment
Enable client-side targetingEnabled
Target group name for this computerKenya
PolicySettingComment
Specify intranet Microsoft update service locationEnabled
Set the intranet update service for detecting updates:https://wsus01.teleperformance.gr:8531
Set the intranet statistics server:https://wsus01.teleperformance.gr:8531
Set the alternate download server:
(example: https://IntranetUpd01)
Download files with no Url in the metadata if alternate download server is set.Disabled
Do not enforce TLS certificate pinning for Windows Update client for detecting updates.Disabled
Select the proxy behavior for Windows Update client for detecting updates:Only use system proxy for detecting updates (default)
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\policies\Microsoft\Windows\DeliveryOptimization\DOMaxUploadBandwidth1
Software\policies\Microsoft\Windows\Skydrive\DisableFileSync1
Software\policies\Microsoft\Windows\Skydrive\DisableLibrariesDefaultSaveToSkyDrive1
Preferences
Windows Settings
Files
File (Target Path: C:\Windows\Temp\fixlogs.bat)
fixlogs.bat (Order: 1)
General
ActionCreate
Properties
Source file(s)\\grkalfs01\netconfigfiles\GlobalSettings\fixlogs.bat
Destination fileC:\Windows\Temp\fixlogs.bat
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: C:\TPSTUFF\DisableCBSBuiltinApps.ps1)
DisableCBSBuiltinApps.ps1 (Order: 2)
General
ActionUpdate
Properties
Source file(s)\\grkalfs01\netconfigfiles\Kenya\Settings\DisableCBSBuiltinApps.ps1
Destination fileC:\TPSTUFF\DisableCBSBuiltinApps.ps1
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folders
Folder (Path: C:\ProgramData\TPBackground\)
(Order: 1)
General
ActionCreate
Attributes
PathC:\ProgramData\TPBackground\
Read-onlyDisabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: C:\Program Files\TPTools-Apps)
TPTools-Apps (Order: 2)
General
ActionCreate
Attributes
PathC:\Program Files\TPTools-Apps
Read-onlyDisabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
DisableAntiSpyware (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
LaunchProtected (Order: 2)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameLaunchProtected
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Start (Order: 3)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameStart
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ServiceSidType (Order: 4)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameServiceSidType
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
iexplore.exe (Order: 5)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
iexplore.exe (Order: 6)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
iexplore.exe (Order: 7)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
iexplore.exe (Order: 8)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SchUseStrongCrypto (Order: 9)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\.NETFramework\v2.0.50727
Value nameSchUseStrongCrypto
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SchUseStrongCrypto (Order: 10)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
Value nameSchUseStrongCrypto
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
EnableFirstLogonAnimation (Order: 11)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value nameEnableFirstLogonAnimation
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ms-msdt (Order: 12)
General
ActionDelete
Properties
HiveHKEY_CLASSES_ROOT
Key pathms-msdt
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
DisableAntiSpyware (Order: 13)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
cadca5fe-87d3-4b96-b7fb-a231484277cc (Order: 14)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Value namecadca5fe-87d3-4b96-b7fb-a231484277cc
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Debugger (Order: 15)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system_a.exe
Value nameDebugger
Value typeREG_SZ
Value data"c:\windows\system32\systray.exe" /z
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
system_a.exe (Order: 16)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system_a.exe
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} (Order: 17)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Value name{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scancode Map (Order: 18)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Keyboard Layout
Value nameScancode Map
Value typeREG_BINARY
Value data000000000000000003000000000037E00000540000000000
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Start (Order: 19)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\services\USBSTOR
Value nameStart
Value typeREG_DWORD
Value data0x4 (4)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DisableStoreApps (Order: 20)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\WindowsStore
Value nameDisableStoreApps
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
EnableMtcUvc (Order: 21)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSoftware\Microsoft\Windows NT\CurrentVersion\MTCUVC
Value nameEnableMtcUvc
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
SetDisablePauseUXAccess (Order: 22)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Value nameSetDisablePauseUXAccess
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: Domains
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/*.emea.tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: *.emea.tpg.ads
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.emea.tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: (Default)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.emea.tpg.ads
Value name(Default)
Value typeREG_SZ
Value data
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/*.tpg.zone
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: *.tpg.zone
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.tpg.zone
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: (Default)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.tpg.zone
Value name(Default)
Value typeREG_SZ
Value data
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: tpg.ads
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/tpg.ads/grkalfs01.emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: grkalfs01.emea
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\grkalfs01.emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: *
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\grkalfs01.emea
Value name*
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory Management
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverride
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverride
Value typeREG_DWORD
Value data0x48 (72)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: FeatureSettingsOverrideMask
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value nameFeatureSettingsOverrideMask
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/grkalfs01
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: grkalfs01
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grkalfs01
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: *
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grkalfs01
Value name*
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: tpg.ads
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: *
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads
Value name*
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/tpg.ads/emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: emea
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: *
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\emea
Value name*
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Registry Wizard Values/HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings/ZoneMap/Domains/tpg.ads/grkalfs01.emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: grkalfs01.emea
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\grkalfs01.emea
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: *
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tpg.ads\grkalfs01.emea
Value name*
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Local Users and Groups
Group (Name: Administrators (built-in))
Administrators (built-in) (Order: 1)
Local Group
ActionUpdate
Properties
Group nameAdministrators (built-in)
Delete all member usersDisabled
Delete all member groupsDisabled
Add members
EMEA\KE-G-ORG-Remote Admin UsersS-1-5-21-513466819-3096973226-347852806-1260433
Remove members
EMEA\Domain AdminsS-1-5-21-513466819-3096973226-347852806-512
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Group (Name: Users (built-in))
Users (built-in) (Order: 2)
Local Group
ActionUpdate
Properties
Group nameUsers (built-in)
Delete all member usersDisabled
Delete all member groupsDisabled
Add members
EMEA\KE-G-ORG-Remote Admin UsersS-1-5-21-513466819-3096973226-347852806-1260433
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: Disable Hibernate EMEA)
Disable Hibernate EMEA (Order: 1)
General
ActionCreate
Task
Name Disable Hibernate EMEA
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden Yes
Configure for 1.3
Enabled Yes
Triggers
1. At task creation/modification
Activate 8-8-2022 15:52:31Synchronize across time zones No
Enabled Yes
Actions
1. Start a program
Program/script C:\Windows\System32\powercfg.exe
Arguments /hibernate off
Settings
Stop if the computer ceases to be idle No
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power No
Wake the computer to run this task Yes
Allow task to be run on demand No
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than Immediately
If the running task does not end when requested, force it to stop No
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyYes
Scheduled Task (At least Windows 7) (Name: DesktopBackgroundCopy)
DesktopBackgroundCopy (Order: 2)
General
ActionUpdate
Task
Name DesktopBackgroundCopy
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. On local connection to user session
Delay task for 1 minute
Enabled Yes
2. Run at user logon
Delay task for 1 minute
Enabled Yes
3. On remote connection to user session
Delay task for 1 minute
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass -file "\\Kenbofs01\kenboit$\PS\CopyDesktop.ps1"
Start in \\Kenbofs01\kenboit$\PS
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power No
Start only if the following network connection is available Any connection
Allow task to be run on demand Yes
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than 1 day
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies StopExisting
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: ClearTemplogs)
ClearTemplogs (Order: 3)
General
ActionUpdate
Task
Name ClearTemplogs
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden Yes
Configure for 1.3
Enabled Yes
Triggers
1. Daily
Delay task for up to (random delay) 8 hours
Stop task if it runs longer than 2 hours
Activate 13-4-2020 09:24:03Synchronize across time zones No
Enabled Yes
Recur every 1 days
Actions
1. Start a program
Program/script C:\Windows\Temp\fixlogs.bat
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than 8 hours
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies StopExisting
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: KMSSet to Local)
KMSSet to Local (Order: 4)
General
ActionCreate
Task
Name KMSSet to Local
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. At task creation/modification
Activate 8-8-2022 15:48:30Synchronize across time zones No
Enabled Yes
Actions
1. Start a program
Program/script \\grkalfs01\netconfigfiles\Kenya\Servers\KMStoLocal.bat
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyYes
Scheduled Task (At least Windows 7) (Name: SeriouSAM HiveNightmare vulnerability)
SeriouSAM HiveNightmare vulnerability (Order: 5)
General
ActionUpdate
Task
Name SeriouSAM HiveNightmare vulnerability
Author EMEA\tentolouris.5-adm
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges LeastPrivilege
Hidden No
Configure for 1.2
Enabled Yes
Triggers
1. At startup
Enabled Yes
Actions
1. Start a program
Program/script C:\Windows\System32\cmd.exe
Arguments /c IF NOT EXIST C:\TPSTUFF\MARK-SeriousSAMHiveNightmareRemediation.txt icacls %windir%\system32\config\*.* /inheritance:e>>"C:\TPSTUFF\MARK-SeriousSAMHiveNightmareRemediation.txt"
Settings
Stop if the computer ceases to be idle No
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power No
Allow task to be run on demand No
Stop task if it runs longer than Immediately
If the running task does not end when requested, force it to stop No
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: Disable_Bluetooth)
Disable_Bluetooth (Order: 6)
General
ActionCreate
Task
Name Disable_Bluetooth
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. At task creation/modification
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass -file "\\Kenbofs01\kenboit$\PS\DisableBluetooth.ps1"
Start in \\Kenbofs01\kenboit$\PS
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyYes
Scheduled Task (At least Windows 7) (Name: Load STart Layout)
Load STart Layout (Order: 7)
General
ActionCreate
Task
Name Load STart Layout
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. At task creation/modification
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass \\grkalfs01\netconfigfiles\Kenya\Settings\LayoutPowershell\LayoutAdd.ps1
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyYes
Scheduled Task (At least Windows 7) (Name: LockScreenFix)
LockScreenFix (Order: 8)
General
ActionUpdate
Task
Name LockScreenFix
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. On local connection to user session
Delay task for 30 minutes
Enabled Yes
2. Run at user logon
Delay task for 30 minutes
Enabled Yes
3. On workstation unlock
Delay task for 30 minutes
Enabled Yes
4. On remote connection to user session
Delay task for 1 minute
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass -file "\\Kenbofs01\kenboit$\PS\LockScreenFix.ps1"
Start in \\Kenbofs01\kenboit$\PS
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: DisableCBSBuiltinApps)
DisableCBSBuiltinApps (Order: 9)
General
ActionCreate
Task
Name DisableCBSBuiltinApps
Author EMEA\tentolouris.5-adm
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.2
Enabled Yes
Triggers
1. At task creation/modification
Enabled Yes
2. At startup
Enabled Yes
Actions
1. Start a program
Program/script Powershell.exe
Arguments -ExecutionPolicy Bypass C:\TPSTUFF\DisableCBSBuiltinApps.ps1
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power Yes
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Scheduled Task (At least Windows 7) (Name: RunUpdates)
RunUpdates (Order: 10)
General
ActionCreate
Task
Name RunUpdates
Author EMEA\tentolouris.5
Description
Run only when user is logged on
GroupId NT AUTHORITY\SYSTEM
Run with highest privileges HighestAvailable
Hidden Yes
Configure for 1.3
Enabled Yes
Triggers
1. At startup
Activate 13-4-2020 09:24:03Synchronize across time zones No
Enabled Yes
Actions
1. Start a program
Program/script C:\Windows\System32\UsoClient.exe
Arguments StartInstall
Settings
Stop if the computer ceases to be idle Yes
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power Yes
Allow task to be run on demand Yes
Run task as soon as possible after a scheduled start is missed Yes
Stop task if it runs longer than 8 hours
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies StopExisting
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.