Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
LT-PO-WIN-C-Default Systems Policy Citrix
Data collected on: 2-9-2025 12:20:03
General
Details
Domainemea.tpg.ads
OwnerEMEA\saveljevas.5-adm
Created20-9-2024 09:35:38
Modified6-6-2025 13:52:16
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions7 (AD), 7 (SYSVOL)
Unique ID{f013f618-ef8d-42ad-9cb6-c8dd33e35acc}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
CitrixNoEnabledemea.tpg.ads/LT/Systems/Citrix

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\saveljevas.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Deny log on as a batch jobBUILTIN\Guests
Deny log on as a serviceBUILTIN\Guests
Deny log on locallyBUILTIN\Guests, EMEA\LT-L-SEC-GPO Deny log on locally
Deny log on through Terminal ServicesBUILTIN\Guests, EMEA\LT-L-SEC-GPO Deny log on locally
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Guest account statusDisabled
Accounts: Rename administrator account"uoincs"
Accounts: Rename guest account"xGuest"
Audit
PolicySetting
Audit: Audit the access of global system objectsDisabled
Audit: Audit the use of Backup and Restore privilegeDisabled
Audit: Shut down system immediately if unable to log security auditsDisabled
Domain Member
PolicySetting
Domain member: Digitally encrypt or sign secure channel data (always)Enabled
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Domain member: Require strong (Windows 2000 or later) session keyEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Message text for users attempting to log onŠi kompiuterinė sistema (įskaitant aparatinę dalį, programinę ir periferinę, įrangą) yra kompanijos Teleperformance nuosavybė. Šios kompiuterinės, sistemos naudojimas yra skirtas tik kompanijos darbo procesams vykdyti., Teleperformance pasilieka teisę vykdyti darbo su šia kompiuterine sistema, stebėseną bet kuriuo metu. Naudojimasis šia kompiuterine sistema,, reiškia sutikimą darbo stebėsenai vykdyti. Bet koks nesankcionuotas, prisijungimas, naudojimas arba kompiuterinės sistemos pakeitimas gali, užtraukti administracinę ir/arba baudžiamąją atsakomybę., ---, This computer system (including all hardware, software, and peripheral, equipment) is the property of Teleperformance. Usage of this computer, system is restricted to official Teleperformance business., Teleperformance reserves the right to monitor usage of this computer, system at any time. Usage of this system constitutes consent to such, monitoring. Any unauthorized access, usage, or modification of this, computer system can result in civil liability and/or criminal penalties.
Interactive logon: Message title for users attempting to log on"Įspėjimas / Warning"
Interactive logon: Number of previous logons to cache (in case domain controller is not available)50 logons
Interactive logon: Prompt user to change password before expiration5 days
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (always)Enabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Do not allow anonymous enumeration of SAM accountsEnabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network access: Named Pipes that can be accessed anonymouslyCOMNAP, COMNODE, SQL\QUERY, SPOOLSS, LSARPC, LLSRPC, netlogon, samr
Network access: Sharing and security model for local accountsClassic - local users authenticate as themselves
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: Force logoff when logon hours expireDisabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Other
PolicySetting
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsEnabled
Event Log
PolicySetting
Maximum security log size20480 kilobytes
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
DStver CADStver CA30-5-2031 10:56:12<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Publishers Certificates
Issued ToIssued ByExpiration DateIntended Purposes
TPRUCodeSigningCertificateDStver CA25-1-2022 14:12:23Time Stamping, Code Signing
TPRUCodeSigningCertificateDStver CA1-2-2027 13:03:35Time Stamping, Code Signing
TPRUPackagesSigningCertificateDStver CA25-1-2022 16:04:08Time Stamping, Code Signing
TPRUPackagesSigningCertificateDStver CA1-2-2027 13:06:20Time Stamping, Code Signing

For additional information about individual settings, launch the Local Group Policy Object Editor.
Advanced Audit Configuration
Account Logon
PolicySetting
Audit Credential ValidationSuccess, Failure
Audit Kerberos Authentication ServiceSuccess, Failure
Audit Kerberos Service Ticket OperationsSuccess, Failure
Audit Other Account Logon EventsSuccess, Failure
Account Management
PolicySetting
Audit Application Group ManagementSuccess, Failure
Audit Computer Account ManagementSuccess, Failure
Audit Distribution Group ManagementNo Auditing
Audit Other Account Management EventsSuccess, Failure
Audit Security Group ManagementSuccess, Failure
Audit User Account ManagementSuccess, Failure
Detailed Tracking
PolicySetting
Audit DPAPI ActivityNo Auditing
Audit PNP ActivityNo Auditing
Audit Process CreationSuccess, Failure
Audit Process TerminationSuccess, Failure
Audit RPC EventsNo Auditing
Logon/Logoff
PolicySetting
Audit Account LockoutSuccess
Audit User / Device ClaimsNo Auditing
Audit IPsec Extended ModeNo Auditing
Audit IPsec Main ModeNo Auditing
Audit IPsec Quick ModeNo Auditing
Audit LogoffSuccess, Failure
Audit LogonSuccess, Failure
Audit Network Policy ServerSuccess, Failure
Audit Other Logon/Logoff EventsSuccess, Failure
Audit Special LogonSuccess, Failure
Object Access
PolicySetting
Audit Detailed File ShareNo Auditing
Audit File ShareFailure
Audit Filtering Platform ConnectionNo Auditing
Audit Filtering Platform Packet DropNo Auditing
Audit Handle ManipulationNo Auditing
Audit Kernel ObjectNo Auditing
Audit Other Object Access EventsNo Auditing
Audit RegistryNo Auditing
Audit Removable StorageSuccess, Failure
Audit SAMNo Auditing
Audit Central Access Policy StagingNo Auditing
Policy Change
PolicySetting
Audit Audit Policy ChangeSuccess, Failure
Audit Authentication Policy ChangeSuccess, Failure
Audit Authorization Policy ChangeNo Auditing
Audit Filtering Platform Policy ChangeNo Auditing
Audit MPSSVC Rule-Level Policy ChangeNo Auditing
Audit Other Policy Change EventsNo Auditing
Privilege Use
PolicySetting
Audit Non Sensitive Privilege UseNo Auditing
Audit Other Privilege Use EventsNo Auditing
Audit Sensitive Privilege UseSuccess, Failure
System
PolicySetting
Audit IPsec DriverNo Auditing
Audit Other System EventsSuccess, Failure
Audit Security State ChangeSuccess, Failure
Audit Security System ExtensionSuccess, Failure
Audit System IntegritySuccess, Failure
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow Diagnostic DataDisabled
Do not show feedback notificationsEnabled
Windows Components/Search
PolicySettingComment
Allow Cloud SearchDisabled
Allow CortanaDisabled
Allow Cortana above lock screenDisabled
Allow Cortana Page in OOBE on an AAD accountDisabled
Allow search and Cortana to use locationDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Don't search the web or display web results in Search over metered connectionsEnabled
Preferences
Windows Settings
Registry
CWDIllegalInDllSearch (Order: 1)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager
Value nameCWDIllegalInDllSearch
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
CrashDumpEnabled (Order: 2)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\CrashControl
Value nameCrashDumpEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
EnableLegacyAutoProxyFeatures (Order: 3)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value nameEnableLegacyAutoProxyFeatures
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AllowgameDVR (Order: 4)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\GameDVR
Value nameAllowgameDVR
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
QualityCompat (Order: 5)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat
Value namecadca5fe-87d3-4b96-b7fb-a231484277cc
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Unsigned driver Policy (Order: 6)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Driver Signing
Value namePolicy
Value typeREG_BINARY
Value data01
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: CVE-2017-8529 fix
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: iexplore.exe
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: iexplore.exe x64
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Item-level targeting: Environment Variable
AttributeValue
boolAND
not0
variableNamePROCESSOR_ARCHITECTURE
valueAMD64
Collection: MS15-124 fix
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: iexplore.exe
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: iexplore.exe
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value nameiexplore.exe
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Prevent ransomware
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: Debugger
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system_a.exe
Value nameDebugger
Value typeREG_SZ
Value data"c:\windows\system32\systray.exe" /z
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.