Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
MG-PR-SEC-C-Server_Hardening_2023
Data collected on: 2-9-2025 11:30:29
General
Details
Domainemea.tpg.ads
OwnerEMEA\poincon.7-adm
Created11-9-2023 11:52:24
Modified8-1-2024 14:18:14
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{15c01eaf-2744-4c37-aa54-a67bde163df2}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/MG/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\MG-L-SEC-GPO-Server_Hardening_2023
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\MG-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\MG-L-SEC-GPO-Server_Hardening_2023Read (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Access this computer from the networkNT AUTHORITY\Authenticated Users, authe, BUILTIN\Administrators
Adjust memory quotas for a processNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators
Allow log on locallyBUILTIN\Backup Operators, BUILTIN\Administrators
Change the system timeNT AUTHORITY\LOCAL SERVICE, BUILTIN\Administrators
Change the time zoneBUILTIN\Administrators, NT AUTHORITY\LOCAL SERVICE
Create a pagefileBUILTIN\Administrators
Deny access to this computer from the networkBUILTIN\Guests, NT AUTHORITY\ANONYMOUS LOGON
Force shutdown from a remote systemBUILTIN\Administrators
Generate security auditsNT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE
Increase scheduling priorityBUILTIN\Administrators
Load and unload device driversBUILTIN\Administrators
Manage auditing and security logBUILTIN\Administrators
Modify firmware environment valuesBUILTIN\Administrators
Perform volume maintenance tasksBUILTIN\Administrators
Profile single processBUILTIN\Administrators
Profile system performanceBUILTIN\Administrators
Remove computer from docking stationBUILTIN\Administrators
Restore files and directoriesBUILTIN\Administrators
Shut down the systemBUILTIN\Administrators
Take ownership of files or other objectsBUILTIN\Administrators
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Limit local account use of blank passwords to console logon onlyEnabled
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Devices: Prevent users from installing printer driversEnabled
Domain Controller
PolicySetting
Domain controller: LDAP server signing requirementsRequire signing
Domain Member
PolicySetting
Domain member: Digitally encrypt secure channel data (when possible)Enabled
Domain member: Digitally sign secure channel data (when possible)Enabled
Domain member: Disable machine account password changesDisabled
Domain member: Require strong (Windows 2000 or later) session keyEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Number of previous logons to cache (in case domain controller is not available)0 logons
Interactive logon: Require Domain Controller authentication to unlock workstationEnabled
Network Access
PolicySetting
Network access: Do not allow anonymous enumeration of SAM accountsDisabled
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network access: Do not allow storage of passwords and credentials for network authenticationDisabled
Network access: Let Everyone permissions apply to anonymous usersDisabled
Network Security
PolicySetting
Network security: LDAP client signing requirementsRequire signing
System Cryptography
PolicySetting
System cryptography: Force strong key protection for user keys stored on the computerUser is prompted when the key is first used
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require user authentication for remote connections by using Network Level AuthenticationEnabled
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
User Configuration (Enabled)
No settings defined.