Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
MG-PO-WIN-C-Windows 11 Hardening
Data collected on: 2-9-2025 12:47:25
General
Details
Domainemea.tpg.ads
OwnerEMEA\manantenason.5-adm
Created11-3-2025 10:56:52
Modified13-4-2025 13:51:52
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions91 (AD), 91 (SYSVOL)
Unique ID{b9f26ee0-aa89-40c4-a477-e95d07dc17c0}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/MG/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\MG-L-SEC-GPO-Hardening_Computers_Windows11
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\manantenason.5-admEdit settings, delete, modify securityNo
EMEA\MG-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\MG-L-SEC-Delegation Group Policy Objects Modify AccessEdit settings, delete, modify securityNo
EMEA\MG-L-SEC-GPO-Hardening_Computers_Windows11Read (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Deny log on locallyEMEA\MG-L-SEC-GPO-Waha-Folder_Redirection_Startmenu, EMEA\MGANT-G-ORG-GPO-WAHA_User_Configuration_2024
Local Policies/Security Options
User Account Control
PolicySetting
User Account Control: Admin Approval Mode for the Built-in Administrator accountDisabled
User Account Control: Behavior of the elevation prompt for standard usersPrompt for credentials
User Account Control: Detect application installations and prompt for elevationEnabled
System Services
Application Identity (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Bluetooth Support Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Defender Advanced Threat Protection Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Microsoft Defender Antivirus Network Inspection Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Microsoft Defender Antivirus Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
WlanSvc (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Application Control Policies
Appx Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryoneWindows Immersivecontrolpanel, de Microsoft CorporationPublisherNo
AllowBUILTIN\AdministratorsSigné par Microsoft CorporationPublisherNo
AllowEveryoneMicrosoftWindows.Client.WebExperience, de Microsoft WindowsPublisherNo
AllowEveryoneRealtekSemiconductorCorp.HPAudioControl, de Realtek Semiconductor CorpPublisherNo
AllowEveryoneF46D4000-FD22-4DB4-AC8E-4E1DDDE828FE, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.BingWeather, de Microsoft CorporationPublisherNo
AllowNT AUTHORITY\SYSTEMSigné par Microsoft WindowsPublisherNo
AllowBUILTIN\AdministratorsSigné par Microsoft CorporationPublisherNo
AllowEveryoneMicrosoftWindows.CrossDevice, de Microsoft WindowsPublisherNo
AllowEveryoneMicrosoft.Windows.Apprep.ChxApp, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.AAD.BrokerPlugin, de Affecté par votre organisationPublisherNo
AllowEveryoneMicrosoft.LanguageExperiencePackfr-FR, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ParentalControls, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.XGpuEjectDialog, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Winget.Source, de Microsoft CorporationPublisherNo
AllowEveryoneMSTeams, de MicrosoftPublisherNo
AllowEveryoneMicrosoft.WindowsCalculator, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.NarratorQuickStart, de MicrosoftPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Windows.DevHome, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Paint, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesNcsiUwpApp, de MicrosoftPublisherNo
AllowEveryoneMicrosoft.LockApp, de Microsoft CorporationPublisherNo
AllowEveryoneRealtekSemiconductorCorp.HPAudioControl, de Realtek Semiconductor CorpPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.SecHealthUI, de Microsoft CorporationPublisherNo
AllowEveryoneE2A4F912-2574-4A75-9BB0-0D023378592B, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.DesktopAppInstaller, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.BioEnrollment, de Microsoft CorporationPublisherNo
AllowNT AUTHORITY\SYSTEM"", version 0.0.0.0 versions ultérieures, depuis MicrosoftPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.XboxGameCallableUI, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.CallingShellApp, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ShellExperienceHost, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.BingNews, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Todos, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.StartMenuExperienceHost, de ms-resource:StartMenuExperienceHost/PublisherDisplayNamePublisherNo
AllowEveryoneMicrosoft.Windows.PeopleExperienceHost, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.Photos, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.PinningConfirmationDialog, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.AccountsControl, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.AssignedAccessLockApp, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.PowerAutomateDesktop, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.CredDialogHost, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.CloudExperienceHost, de E-mail, téléphone ou SkypePublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesClipchamp.Clipchamp, de Microsoft Corp.PublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Windows.Search, de CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=USPublisherNo
AllowEveryoneWindows.CBSPreview, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ContentDeliveryManager, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.AsyncTextService, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoftWindows.Client.CBS, de Microsoft WindowsPublisherNo
AllowEveryoneMicrosoft.ECApp, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.WindowsNotepad, de Microsoft CorporationPublisherNo
AllowEveryone1527c705-839a-4832-9118-54d4Bd6a0c89, de Microsoft CorporationPublisherNo
AllowEveryonec5e2524a-ea46-4f67-841f-6a9465d9d515, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.SecureAssessmentBrowser, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.BioEnrollment, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ContentDeliveryManager, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Windows.Apprep.ChxApp, de Microsoft CorporationPublisherNo
AllowEveryoneNcsiUwpApp, de MicrosoftPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.GamingApp, de Microsoft CorporationPublisherNo
AllowEveryoneRealtekSemiconductorCorp.RealtekAudioControl, de Realtek Semiconductor CorpPublisherNo
AllowNT AUTHORITY\NETWORK SERVICESigné par Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoftCorporationII.QuickAssist, de Microsoft Corp.PublisherNo
AllowEveryoneMicrosoft.Windows.PrintQueueActionCenter, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.SecHealthUI, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.CapturePicker, de Microsoft CorporationPublisherNo
AllowNT AUTHORITY\SYSTEMMicrosoftWindows.Client.WebExperience, de Microsoft WindowsPublisherNo
AllowEveryoneMicrosoft.Win32WebViewHost, de Microsoft CorporationPublisherNo
AllowNT AUTHORITY\SYSTEMMicrosoft.WindowsStore, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.WindowsStore, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.WindowsTerminal, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.BingSearch, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.MicrosoftEdgeDevToolsClient, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.Windows.ContentDeliveryManage de Microsoft CorporationPublisherNo
AllowEveryoneWindows.PrintDialog, de Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.MicrosoftEdge.Stable, de Microsoft CorporationPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMicrosoft.WindowsStore, de Microsoft CorporationPublisherNo
Dll Rules
No rules of type 'Dll Rules' are defined.
Executable Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryoneFILESYNCCONFIG.EXE, dans MICROSOFT ONEDRIVE, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesWORDPAD.EXE, dans MICROSOFT® WINDOWS® OPERATING SYSTEM, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneTEAMS.EXE, dans MICROSOFT TEAMS, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesPOWERSHELL_ISE.EXE, dans MICROSOFT® WINDOWS® OPERATING SYSTEM, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneUPDATE.EXE, dans MICROSOFT TEAMS, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesMMC.EXE, dans MICROSOFT® WINDOWS® OPERATING SYSTEM, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneONEDRIVE.EXE, dans MICROSOFT ONEDRIVE, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneWEXTRACT.EXE .MUI, dans INTERNET EXPLORER, de O=CITRIX SYSTEMS, INC., L=FORT LAUDERDALE, S=FLORIDA, C=USPublisherNo
DenyEMEA\MG-L-SEC-Disable Win11 FeaturesPOWERSHELL.EXE, dans MICROSOFT® WINDOWS® OPERATING SYSTEM, de O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryone\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\*PathNo
AllowEveryone\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\*\User\Scripts\Logon\Logsession.exePathNo
AllowEveryone%OSDRIVE%\PROGRAMDATA\*\SQUIRRELTEMP\*PathNo
AllowNT AUTHORITY\SYSTEMTous les fichiersPathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.vbsPathNo
AllowNT AUTHORITY\NETWORK SERVICETous les fichiersPathNo
AllowEveryone%OSDRIVE%\*\Zoiper.exePathNo
AllowEveryone%OSDRIVE%\TPBlackout\*PathNo
AllowEveryoneC:\ProgramData\Microsoft\GroupPolicy\*PathNo
AllowEveryone\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\*\User\Scripts\Logoff\Logsession.exePathNo
AllowEveryone%OSDRIVE%\*\TPBlackout.exePathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.vbPathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.exePathNo
AllowEveryone(Règle par défaut) Tous les fichiers se trouvant dans le dossier Program FilesPathNo
AllowEveryone%OSDRIVE%\USERS\*\APPDATA\LOCAL\SQUIRRELTEMP\*PathNo
AllowEveryone(Règle par défaut) Tous les fichiers se trouvant dans le dossier WindowsPathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.batPathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.ps1PathNo
AllowEveryone%OSDRIVE%\USERS\*\APPDATA\LOCAL\MICROSOFT\TEAMS\CURRENT\SQUIRREL.EXEPathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.cmdPathNo
AllowEveryone%OSDRIVE%\USERS\*\APPDATA\LOCAL\CITRIX\AGEE\*PathNo
AllowEveryone%OSDRIVE%\USERS\*\AppData\Roaming\Microsoft\Teams\tmp\*PathNo
DenyEMEA\MG-L-SEC-Disable Win11 Features%OSDRIVE%\USERS\Downloads\*.msiPathNo
AllowBUILTIN\Administrators(Règle par défaut) Tous les fichiersPathNo
Windows Installer Rules
No rules of type 'Windows Installer Rules' are defined.
Script Rules
PolicySetting
Enforce rules of this typeTrue

No rules of type 'Script Rules' are defined.
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Regional and Language Options
PolicySettingComment
Allow users to enable online speech recognition servicesDisabled
Control Panel/Regional and Language Options/Handwriting personalization
PolicySettingComment
Turn off automatic learningEnabled
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Offline Files
PolicySettingComment
Prevent use of Offline Files folderEnabled
Prohibit user configuration of Offline FilesEnabled
Prevents users from changing any cache configuration settings.
System/Group Policy
PolicySettingComment
Continue experiences on this deviceDisabledDésactivé pour bloquer le partage de proximité (Nearby Sharing) de la zone d'accès rapide
System/Internet Communication Management/Internet Communication settings
PolicySettingComment
Turn off access to the StoreEnabled
Turn off handwriting personalization data sharingEnabled
Turn off handwriting recognition error reportingEnabled
Turn off Help and Support Center "Did you know?" contentEnabled
Turn off the Windows Messenger Customer Experience Improvement ProgramEnabled
Turn off Windows Error ReportingEnabled
System/OS Policies
PolicySettingComment
Allow publishing of User ActivitiesDisabled
Allow upload of User ActivitiesDisabled
Enables Activity FeedDisabled
System/Power Management/Hard Disk Settings
PolicySettingComment
Turn Off the hard disk (plugged in)Enabled
Turn Off the Hard Disk (seconds):0
System/Power Management/Sleep Settings
PolicySettingComment
Allow standby states (S1-S3) when sleeping (on battery)Disabled
Allow standby states (S1-S3) when sleeping (plugged in)Disabled
System/Recovery
PolicySettingComment
Allow restore of system to default stateDisabled
System/System Restore
PolicySettingComment
Turn off ConfigurationEnabled
Turn off System RestoreEnabled
System/User Profiles
PolicySettingComment
Do not log users on with temporary profilesEnabled
Turn off the advertising IDEnabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access account informationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access call historyEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access contactsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access diagnostic information about other appsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access emailEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access locationEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access messagingEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access motionEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access notificationsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access TasksEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the calendarEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the cameraEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access the microphoneEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps access trusted devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps communicate with unpaired devicesEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps control radiosEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps make phone callsEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
PolicySettingComment
Let Windows apps run in the backgroundEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/Application Compatibility
PolicySettingComment
Remove Program Compatibility Property PageEnabled
Turn off Application Compatibility EngineEnabled
Turn off Application TelemetryEnabled
Turn off Inventory CollectorEnabled
Turn off Program Compatibility AssistantEnabled
Turn off Steps RecorderEnabled
Turn off SwitchBack Compatibility EngineEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Disallow Autoplay for non-volume devicesEnabled
Prevent AutoPlay from remembering user choices.Enabled
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsEnabled
Turn off Microsoft consumer experiencesEnabled
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow Diagnostic DataEnabled
Diagnostic data off (not recommended)
PolicySettingComment
Configure the Commercial IDDisabled
Do not show feedback notificationsEnabled
Limit optional diagnostic data for Desktop AnalyticsDisabled
Toggle user control over Insider buildsDisabled
Windows Components/Desktop Gadgets
PolicySettingComment
Turn off desktop gadgetsEnabled
Windows Components/File Explorer
PolicySettingComment
Do not show the 'new application installed' notificationEnabled
Start File Explorer with ribbon minimizedEnabled
Pick one of the following settings 
Windows Components/File History
PolicySettingComment
Turn off File HistoryEnabled
Windows Components/Find My Device
PolicySettingComment
Turn On/Off Find My DeviceDisabled
Windows Components/Game Explorer
PolicySettingComment
Turn off downloading of game informationEnabled
Turn off game updatesEnabled
Turn off tracking of last play time of games in the Games folderEnabled
Windows Components/Location and Sensors
PolicySettingComment
Turn off locationEnabled
Turn off sensorsEnabled
Windows Components/Location and Sensors/Windows Location Provider
PolicySettingComment
Turn off Windows Location ProviderEnabled
Windows Components/Microsoft account
PolicySettingComment
Block all consumer Microsoft account user authenticationEnabled
Windows Components/Microsoft Defender Antivirus
PolicySettingComment
Turn off Microsoft Defender AntivirusEnabled
Windows Components/Microsoft Defender Antivirus/MAPS
PolicySettingComment
Configure local setting override for reporting to Microsoft MAPSDisabled
Join Microsoft MAPSEnabled
Join Microsoft MAPSDisabled
PolicySettingComment
Send file samples when further analysis is requiredEnabled
Send file samples when further analysis is requiredNever send
Windows Components/Microsoft Defender Antivirus/Real-time Protection
PolicySettingComment
Monitor file and program activity on your computerDisabled
Turn off real-time protectionDisabled
Turn on behavior monitoringDisabled
Turn on process scanning whenever real-time protection is enabledDisabled
Windows Components/OneDrive
PolicySettingComment
Prevent OneDrive files from syncing over metered connectionsEnabled
Metered Network SettingBlock syncing on all metered connections
PolicySettingComment
Prevent OneDrive from generating network traffic until the user signs in to OneDriveEnabled
Prevent the usage of OneDrive for file storageEnabled
Prevent the usage of OneDrive for file storage on Windows 8.1Enabled
Save documents to OneDrive by defaultDisabled
Windows Components/Online Assistance
PolicySettingComment
Turn off Active HelpEnabled
Windows Components/Push To Install
PolicySettingComment
Turn off Push To Install serviceEnabled
Windows Components/Search
PolicySettingComment
Allow Cloud SearchEnabled
Cloud Search SettingDisable Cloud Search
PolicySettingComment
Allow CortanaDisabled
Allow Cortana above lock screenDisabled
Allow indexing of encrypted filesDisabled
Allow search and Cortana to use locationDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Fully disable Search UIEnabled
Set what information is shared in SearchEnabled
Type of informationAnonymous info
Windows Components/Security Center
PolicySettingComment
Turn on Security Center (Domain PCs only)Disabled
Windows Components/Speech
PolicySettingComment
Allow Automatic Update of Speech DataDisabled
Windows Components/Tablet PC/Handwriting personalization
PolicySettingComment
Turn off automatic learningEnabled
Windows Components/Widgets
PolicySettingComment
Allow widgetsDisabled
Windows Components/Windows Defender SmartScreen/Explorer
PolicySettingComment
Configure Windows Defender SmartScreenDisabled
Windows Components/Windows Error Reporting
PolicySettingComment
Automatically send memory dumps for OS-generated error reportsDisabled
Disable Windows Error ReportingEnabled
Do not send additional dataEnabled
Windows Components/Windows Game Recording and Broadcasting
PolicySettingComment
Enables or disables Windows Game Recording and BroadcastingDisabled
Preferences
Windows Settings
Files
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1)
Group1 (Order: 1)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Supprime le bloc 1 du clic-droit sur le menu Démarrer
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2)
Group2 (Order: 2)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Supprime le bloc 2 du clic-droit sur le menu Démarrer
File (Target Path: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3)
Group3 (Order: 3)
General
ActionUpdate
Properties
Destination fileC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Supprime le bloc 3 du clic-droit sur le menu Démarrer
File (Target Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Bloc-Notes.lnk)
Bloc-Notes.lnk (Order: 4)
General
ActionCreate
Properties
Source file(s)\\emea.tpg.ads\sysvol\emea.tpg.ads\Policies\{B9F26EE0-AA89-40C4-A477-E95D07DC17C0}\Machine\Scripts\Bloc-Notes.lnk
Destination fileC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Bloc-Notes.lnk
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveDisabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
DisableAntiSpyware (Order: 1)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
DisableAntiSpyware désactive l'antivirus Microsoft Defender
DisableWindowsConsumerFeatures (Order: 3)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\CloudContent
Value nameDisableWindowsConsumerFeatures
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Désactive les expériences Windows, les recommandations personnalisées de Microsoft
Start (Order: 4)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameStart
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Désactive le service Security Center au démarrage
DownloadMode (Order: 5)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config
Value nameDownloadMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Mode de téléchargement des mises à jours Windows, désactive le peering
EnableFirstLogonAnimation (Order: 7)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value nameEnableFirstLogonAnimation
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Désactive l’animation de première connexion sur Windows 10 / 11
Start (Order: 8)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\services\USBSTOR
Value nameStart
Value typeREG_DWORD
Value data0x4 (4)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Désactive les pilotes de stockage USB (Mass Storage)
{031E4825-7B94-4dc3-B131-E946B44C8DD} (Order: 9)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Bibliothèques du profil user
{1CF1260C-4DD0-4ebb-811F-33C572699FDE} (Order: 10)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Musiques du profil user
{374DE290-123F-4565-9164-39C4925E467B} (Order: 11)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Téléchargements du profil user
{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} (Order: 12)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Images du profil user
{A0953C92-50DC-43bf-BE83-3742FED03C9C} (Order: 13)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Vidéos du profil user
{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} (Order: 14)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Documents du profil user
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641} (Order: 15)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Desktop du profil user
{e88865ea-0e1c-4e20-9aa6-edcd0212c87c} (Order: 16)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e88865ea-0e1c-4e20-9aa6-edcd0212c87c}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Galerie du profil user
{f874310e-b6b7-47dc-bc84-b9e6b38f5903} (Order: 17)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{f874310e-b6b7-47dc-bc84-b9e6b38f5903}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Supprime Accueil du profil user
MicrosoftWindows.Client.CBS-WebExperienceHostApp.exe (Order: 18)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Value nameMicrosoftWindows.Client.CBS-WebExperienceHostApp.exe
Value typeREG_SZ
Value datav2.32|Action=Block|Active=TRUE|Dir=Out|App=C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WebExperienceHostApp.exe|Name=Blocage du flux WebExperienceHostApp.exe|Desc=Blocage du flux WebExperienceHostApp.exe|
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Blocage du flux FireWall sur WebExperienceHostApp.exe
value (Order: 19)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\PolicyManager\default\Connectivity\AllowBluetooth
Value namevalue
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Désactive le Bluetooth et le masque de la Zone notification
Type (Order: 20)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\ActionCenter\Quick Actions\All\SystemSettings_Device_BluetoothQuickAction
Value nameType
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Masqiue le Bluetooth la Zone notification QuickAction
LetAppsAccessMicrophone (Order: 21)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSoftware\Policies\Microsoft\Windows\AppPrivacy
Value nameLetAppsAccessMicrophone
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Supprime la restriction micro dans Confidentialité et Sécurité
IsEducationEnvironment (Order: 22)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\PolicyManager\current\device\Education
Value nameIsEducationEnvironment
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Bloque la partie recommandation du menu Démarrer
HideRecommendedSection (Order: 23)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\Explorer
Value nameHideRecommendedSection
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Bloque la partie recommandation du menu Démarrer
NoOpenWith (Order: 24)
General
ActionDelete
Properties
HiveHKEY_CLASSES_ROOT
Key pathApplications\notepad.exe
Value nameNoOpenWith
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Rajoute l'ancien Bloc-Notes (C:\Windows\notepad.exe) aux applications utilisables
DefaultIcon (Order: 25)
General
ActionCreate
Properties
HiveHKEY_CLASSES_ROOT
Key pathtxtfilelegacy\DefaultIcon
Value name(Default)
Value typeREG_SZ
Value dataimageres.dll,-102
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Rajoute l'ancien Bloc-Notes (C:\Windows\notepad.exe) aux applications utilisables
command (Order: 26)
General
ActionCreate
Properties
HiveHKEY_CLASSES_ROOT
Key pathtxtfilelegacy\shell\open\command
Value name(Default)
Value typeREG_SZ
Value dataC:\Windows\System32\notepad.exe "%1"
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Rajoute l'ancien Bloc-Notes (C:\Windows\notepad.exe) aux applications utilisables
UseFilter (Order: 27)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
Value nameUseFilter
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Rajoute l'ancien Bloc-Notes (C:\Windows\notepad.exe) aux applications utilisables
User Configuration (Disabled)
No settings defined.