| LT-PO-SEC-C-Laptops common policy | |
| Data collected on: 2-9-2025 09:03:47 | |
| Domain | emea.tpg.ads |
| Owner | EMEA\kornev.5 |
| Created | 5-6-2017 13:40:18 |
| Modified | 6-2-2025 14:34:52 |
| User Revisions | 1 (AD), 1 (SYSVOL) |
| Computer Revisions | 1 (AD), 1 (SYSVOL) |
| Unique ID | {3f4b73c5-8200-4b31-b52a-e7a97c79c46c} |
| GPO Status | Enabled |
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| Managers Laptops | No | Enabled | emea.tpg.ads/LT/Systems/Clients/VNO/Managers Laptops |
| Name |
|---|
| NT AUTHORITY\Authenticated Users |
| Name | Allowed Permissions | Inherited |
|---|---|---|
| EMEA\Domain Admins | Edit settings, delete, modify security | No |
| EMEA\kornev.5 | Edit settings, delete, modify security | No |
| EMEA\LT-L-SEC-Delegation Group Policy Objects Modify Access | Edit settings, delete, modify security | No |
| EMEA\RU-L-SEC-Delegation Group Policy Objects Modify Access | Edit settings, delete, modify security | No |
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
| ROOT\Enterprise Admins | Edit settings, delete, modify security | No |
| Policy | Setting |
|---|---|
| Policy version | 2.22 |
| Disable stateful FTP | Not Configured |
| Disable stateful PPTP | Not Configured |
| IPsec exempt | Not Configured |
| IPsec through NAT | Not Configured |
| Preshared key encoding | Not Configured |
| SA idle time | Not Configured |
| Strong CRL check | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | Off |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | On |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | On |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Policy | Setting | Comment | ||
|---|---|---|---|---|
| Connection-specific DNS suffix | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
| DNS servers | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
| DNS suffix search list | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
| Dynamic update | Enabled | |||
| Primary DNS suffix | Enabled | |||
| ||||
| Policy | Setting | Comment | ||
| Register DNS records with connection-specific DNS suffix | Enabled | |||
| Register PTR records | Enabled | |||
| ||||
| Policy | Setting | Comment |
|---|---|---|
| Prohibit use of Internet Connection Firewall on your DNS domain network | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Windows Defender Firewall: Protect all network connections | Disabled |
| Policy | Setting | Comment |
|---|---|---|
| Windows Defender Firewall: Protect all network connections | Disabled |
| Policy | Setting | Comment | ||
|---|---|---|---|---|
| Configure user Group Policy loopback processing mode | Enabled | |||
| ||||
| Policy | Setting | Comment | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Require additional authentication at startup | Enabled | |||||||||||||||
| ||||||||||||||||
| Policy | Setting | Comment | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Site to Zone Assignment List | Enabled | |||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||
| Action | Replace |
| Source file(s) | \\rumosfs01.emea.tpg.ads\REMINST\Software\hosts |
| Destination file | %SystemRoot%\System32\drivers\etc\hosts |
| Suppress errors on individual file actions | Enabled |
| Read-only | Disabled |
| Hidden | Disabled |
| Archive | Enabled |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Key path | SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |
| Value name | Shell |
| Value type | REG_SZ |
| Value data | explorer.exe |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_LOCAL_MACHINE |
| Key path | SOFTWARE\Wow6432Node\Microsoft\Silverlight |
| Value name | AllowElevatedTrustAppsInBrowser |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_LOCAL_MACHINE |
| Key path | SOFTWARE\Wow6432Node\Microsoft\Silverlight |
| Value name | AllowLaunchOfElevatedTrustApps |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_LOCAL_MACHINE |
| Key path | SOFTWARE\Microsoft\Silverlight |
| Value name | AllowElevatedTrustAppsInBrowser |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_LOCAL_MACHINE |
| Key path | SOFTWARE\Microsoft\Silverlight |
| Value name | AllowLaunchOfElevatedTrustApps |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| Value name | ProxyEnable |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Replace |
| Target type | File system object |
| Shortcut path | %DesktopDir%\KeePass TP |
| Target path | C:\PortableApps\KeePassTP\KeePass.exe |
| Start in | C:\PortableApps\KeePassTP |
| Icon path | C:\PortableApps\KeePassTP\KeePass.exe |
| Icon index | 0 |
| Shortcut key | None |
| Run | Normal window |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | Yes |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Startup options | Start with home page |
| Delete browsing history on exit | No |
| Enable Tabbed Browsing (requires restart) | Enabled |
| Warn me when closing multiple tabs | Enabled |
| Always switch to new tabs when they are created | Disabled |
| Show previews for individual tabs in the taskbar | Disabled |
| Enable Quick Tabs (requires restart) | Enabled |
| Enable Tab Groups | Enabled |
| Open only the first home page when Internet Explorer starts | Disabled |
| Open new tabs next to the current tab | Enabled |
| When a new tab is opened, open: | A blank page |
| When a pop-up is encountered | Let Internet Explorer decide how pop-ups should open |
| Open links from other programs in | A new tab in the current window |
| Internet | Medium-high |
| Local Intranet | Custom |
| Trusted | Medium-low |
| Restricted | High |
| Enable Protected Mode | Disabled |
| Loose XAML | Enabled |
| XAML browser applications | Enabled |
| XPS documents | Enabled |
| Permissions for components with manifests | High Safety |
| Run components not signed with Authenticode | Enabled |
| Run components signed with Authenticode | Enabled |
| Allow ActiveX Filtering | Disabled |
| Allow previously unused ActiveX controls to run without prompt | Enabled |
| Allow Scriptlets | Enabled |
| Automatic prompting for ActiveX controls | Enabled |
| Binary and script behaviors | Enabled |
| Display video and animation on a webpage that does not use external media player | Disabled |
| Download signed ActiveX controls | Enabled |
| Download unsigned ActiveX controls | Prompt |
| Initialize and script ActiveX controls not marked as safe for Scripting | Prompt |
| Only allow approved domains to use ActiveX without prompt | Enabled |
| Run ActiveX controls and plug-ins | Enabled |
| Script ActiveX controls marked safe for scripting | Enabled |
| File download | Enabled |
| Font download | Enabled |
| Enable .NET Framework setup | Enabled |
| Access data sources across domains | Enabled |
| Render legacy filters | Enabled |
| Allow dragging of content between domains into separate windows | Disabled |
| Allow dragging of content between domains into the same window | Disabled |
| Allow METAREFRESH | Enabled |
| Allow scripting of Internet Explorer web browser control | Enabled |
| Allow script-initiated windows without size or position constraints | Enabled |
| Allow webpages to use restricted protocols for active content | Prompt |
| Allow websites to open windows without address or status bars | Enabled |
| Display mixed content | Enabled |
| Do not prompt for client certificate selection when no certificates or only one certificate exists. | Enabled |
| Drag and drop or copy and paste files | Enabled |
| Enable MIME Sniffing | Enabled |
| Include local directory path when uploading files to server | Enabled |
| Launching applications and unsafe files | Enabled |
| Launching programs and files in an IFRAME | Enabled |
| Navigate sub-frames across different domains | Enabled |
| Submit nonencrypted form data | Enabled |
| Use Phishing Filter | Disabled |
| Use Pop-up Blocker | Disabled |
| Userdata persistence | Enabled |
| Websites in less privileged web content zone can navigate into this zone | Prompt |
| Active scripting | Enabled |
| Allow Programmatic clipboard access | Enabled |
| Allow Status bar updates via script | Enabled |
| Allow websites to prompt for information using scripted windows | Enabled |
| Enable XSS filter | Enabled |
| Scripting of java applets | Enabled |
| User Authentication | Automatic logon with current username and password |
| Enable Protected Mode | Disabled |
| Enable Protected Mode | Disabled |
| Enable Protected Mode | Enabled |
| Turn on Pop-up Blocker | Enabled |
| Allowed site | *.ihelpu.nl |
| Allowed site | *.paymentgate.ru |
| Allowed site | *.zoho.com |
| Play a sound when a pop-up is blocked | Enabled |
| Show Information Bar when a pop-up is blocked | Enabled |
| Filter level | Medium: Block most automatic pop-ups |
| Never allow websites to request your physical location | Disabled |
| Disable toolbars and extensions when InPrivate Browsing starts | Enabled |
| Connection behavior | Never dial a connection |
| Automatically detect settings | No |
| Use automatic configuration script | http://rumosfs01.emea.tpg.ads/autoproxy/proxyMCGW.pac |
| Use a proxy server for your LAN (These settings will not apply to a dial-up or VPN connections) | No |
| Choose how you open links | Always in Internet Explorer on the desktop |
| Open Internet Explorer tiles on the desktop | Enabled |
| User software rendering instead of GPU rendering | Disabled |
| Always expand ALT text for images | Disabled |
| Enable Caret Browser for new windows and tabs | Disabled |
| Move system caret with focus/selection changes | Disabled |
| Play system sounds | Disabled |
| Reset text size to medium for new windows and tabs | Disabled |
| Reset Zoom level for new windows and tabs | Disabled |
| Automatically recover from page layout errors with Compatibility View | Enabled |
| Close unused folders in History and Favorites (requires restart) | Disabled |
| Disable Script debugging (Internet Explorer) | Enabled |
| Disable Script debugging (Other) | Enabled |
| Display a notification about every script error | Disabled |
| Display Accelerator button on selection | Disabled |
| Enable automatic crash recovery | Enabled |
| Enable flip ahead | Disabled |
| Enable FTP folder view (outside of Internet Explorer) | Enabled |
| Enable Suggested Sites | Disabled |
| Enable third-party browser extensions (requires restart) | Disabled |
| Enable visual styles on buttons and controls in webpages | Enabled |
| Enable websites to use the search pane | Disabled |
| Go to an intranet site for a single word entry in the Address bar | Disabled |
| Notify when downloads complete | Enabled |
| Reuse windows for launching shortcuts | Enabled |
| Show Friendly HTTP Error messages | Enabled |
| Tell me if Internet Explorer is not the default web browser | Enabled |
| Underline links | Always |
| Use inline AutoComplete | Enabled |
| Use inline Autocomplete in File Explorer and Run Dialog | Disabled |
| Use most recent order when switching tabs with Ctrl+Tab | Disabled |
| Use Passive FTP (for firewall and DSL model compatibility) | Enabled |
| Use smooth scrolling | Enabled |
| Use HTTP 1.1 | Enabled |
| Use HTTP 1.1 through proxy connections | Enabled |
| Always show encoded addresses | Disabled |
| Send IDN server names | Enabled |
| Send IDN server names for Intranet addresses | Disabled |
| Send UTF-8 URLs | Enabled |
| Show Information Bar for encoded addresses | Enabled |
| Enable alternative codecs in HTML5 media elements | Enabled |
| Enable Automatic Image Resizing | Enabled |
| Play animations in webpages | Disabled |
| Play sounds in webpages | Disabled |
| Show image download placeholders | Disabled |
| Show pictures | Enabled |
| Allow active content from CDs to run on My Computer | Disabled |
| Allow active content to run in files on My Computer | Disabled |
| Always send Do Not Track header | Disabled |
| Allow software to run or install even if the signature is invalid | Disabled |
| Block unsecured images with other mixed content | Disabled |
| Check for publisher's certificate revocation | Enabled |
| Check for server certificate revocation (requires restart) | Enabled |
| Check for signatures on downloaded programs | Enabled |
| Do not save encrypted pages to disk | Enabled |
| Empty Temporary Internet Files folder when browser is closed | Enabled |
| Enable memory protection to help mitigate online attacks | Disabled |
| Enable DOM Storage | Enabled |
| Enable Enhanced Protected Mode | Disabled |
| Enable Integrated Windows Authentication (requires restart) | Enabled |
| Enable native XMLHTTP support | Enabled |
| Enable SmartScreen Filter | Disabled |
| Use SSL 2.0 | Disabled |
| Use SSL 3.0 | Disabled |
| Use TLS 1.0 | Enabled |
| Use TLS 1.1 | Enabled |
| Use TLS 1.2 | Enabled |
| Warn about certificate address mismatch | Enabled |
| Warn if changing between secure and not secure mode | Disabled |
| Warn if POST submittal is redirected to a zone that does not permit posts | Enabled |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Apply once and do not reapply | No |
| Attribute | Value |
|---|---|
| bool | AND |
| not | 0 |
| name | EMEA\RU-L-SEC-Internet Settings AutoConfigMCGW |
| sid | S-1-5-21-513466819-3096973226-347852806-204209 |
| userContext | 1 |
| primaryGroup | 0 |
| localGroup | 0 |