Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
NLCTX-PO-WIN-C-SBC
Data collected on: 2-9-2025 09:13:19
General
Details
Domainemea.tpg.ads
OwnerEMEA\timmermans.5
Created15-5-2018 11:56:38
Modified28-6-2024 12:56:54
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions151 (AD), 151 (SYSVOL)
Unique ID{9aa6f0da-3fdf-4765-bb36-7996dcd0241e}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
SBCNoEnabledemea.tpg.ads/NL/Systems/CitrixBNL/SBC
BOLNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/BOL
Canada GooseNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Canada Goose
Covid SupportNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Covid Support
EnecoNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Eneco
IKEANoEnabledemea.tpg.ads/NL/Systems/Test/SBC/IKEA
LidlNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Lidl
OperationsNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Operations
SamsungNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Samsung
TelfortNoDisabledemea.tpg.ads/NL/Systems/Test/SBC/Telfort
TestNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Test
WehkampNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Wehkamp
ZalandoNoEnabledemea.tpg.ads/NL/Systems/Test/SBC/Zalando
HSDNoEnabledemea.tpg.ads/SR/Systems/Citrix/HSD

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\NL-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit process trackingSuccess
Local Policies/User Rights Assignment
PolicySetting
Change the time zoneEveryone
System Services
Update Orchestrator Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Update Medic Service (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Update (Startup Mode: Disabled)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy versionNot Configured
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNo
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Citrix Components/Citrix Workspace/SelfService
PolicySettingComment
EnableFTUDisabled
Control Panel/Personalization
PolicySettingComment
Prevent changing lock screen and logon imageEnabled
Prevent changing start menu backgroundEnabled
Prevent enabling lock screen cameraEnabled
Prevent enabling lock screen slide showEnabled
Control Panel/User Accounts
PolicySettingComment
Apply the default account picture to all usersEnabled
Google/Google Chrome
PolicySettingComment
Import bookmarks from default browser on first runEnabled
Use hardware acceleration when availableDisabled
Google/Google Update/Applications
PolicySettingComment
Update policy override defaultEnabled
PolicyUpdates disabled
Microsoft Edge Update/Applications
PolicySettingComment
Update policy override defaultEnabled
Update PolicyUpdates disabled
Microsoft Office 2016 (Machine)/Updates
PolicySettingComment
Enable Automatic UpdatesDisabled
Mozilla/Firefox
PolicySettingComment
Disable Profile ImportEnabled
Disable UpdateEnabled
Don't Check Default BrowserEnabled
Override the first run pageEnabled
URL:
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Prohibit notificationsEnabled
Windows Defender Firewall: Protect all network connectionsDisabled
Printers
PolicySettingComment
Point and Print RestrictionsEnabled
Users can only point and print to these servers:Disabled
Enter fully qualified server names separated by semicolons
Users can only point and print to machines in their forestDisabled
Security Prompts:
When installing drivers for a new connection:Do not show warning or elevation prompt
When updating drivers for an existing connection:Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and later
System
PolicySettingComment
Display highly detailed status messagesEnabled
System/Group Policy
PolicySettingComment
Configure Logon Script DelayEnabled
minute:0
PolicySettingComment
Configure user Group Policy loopback processing modeEnabled
Mode:Merge
System/Logon
PolicySettingComment
Always wait for the network at computer startup and logonEnabled
Assign a default domain for logonEnabled
Default Logon domain:EMEA
Enter the name of the domain
PolicySettingComment
Hide entry points for Fast User SwitchingEnabled
Show first sign-in animation Disabled
Turn off Windows Startup soundEnabled
System/Power Management
PolicySettingComment
Select an active power planEnabled
Active Power Plan:High Performance
System/Power Management/Sleep Settings
PolicySettingComment
Specify the system sleep timeout (on battery)Enabled
System Sleep Timeout (seconds):4294967295
PolicySettingComment
Specify the unattended sleep timeout (plugged in)Enabled
Unattended Sleep Timeout (seconds):4294967295
PolicySettingComment
Turn off hybrid sleep (plugged in)Enabled
System/Power Management/Video and Display Settings
PolicySettingComment
Turn off the display (plugged in)Enabled
Turn Off the Display (seconds):4294967295
System/Scripts
PolicySettingComment
Run logon scripts synchronouslyEnabled
System/System Restore
PolicySettingComment
Turn off System RestoreEnabled
System/User Profiles
PolicySettingComment
Add the Administrators security group to roaming user profilesEnabled
Delete cached copies of roaming profilesEnabled
Delete user profiles older than a specified number of days on system restartEnabled
Delete user profiles older than (days)7
Windows Components/App Package Deployment
PolicySettingComment
Allow deployment operations in special profilesDisabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access the microphoneEnabled
Default for all apps:Force Allow
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsEnabled
Turn off Microsoft consumer experiencesEnabled
Windows Components/OneDrive
PolicySettingComment
Prevent the usage of OneDrive for file storageEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection
PolicySettingComment
Allow audio and video playback redirectionEnabled
Allow audio recording redirectionEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Printer Redirection
PolicySettingComment
Do not allow client printer redirectionEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment
PolicySettingComment
Remove "Disconnect" option from Shut Down dialogEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Session Time Limits
PolicySettingComment
Set time limit for active but idle Remote Desktop Services sessionsEnabled
Idle session limit:1 hour
PolicySettingComment
Set time limit for disconnected sessionsEnabled
End a disconnected session15 minutes
Windows Components/Search
PolicySettingComment
Allow CortanaDisabled
Prevent indexing certain pathsEnabled
Prevent Indexing Certain Paths
iehistory://{*}/
file:///C:\\*
file:///D:\\*
PolicySettingComment
Prevent indexing e-mail attachmentsEnabled
Prevent indexing Microsoft Office OutlookEnabled
Windows Components/Store
PolicySettingComment
Disable all apps from Microsoft Store Enabled
Turn off Automatic Download and Install of updatesEnabled
Turn off the offer to update to the latest version of WindowsEnabled
Turn off the Store applicationEnabled
Windows Components/Windows Media Player
PolicySettingComment
Do Not Show First Use Dialog BoxesEnabled
Windows Components/Windows Update/Legacy Policies
PolicySettingComment
Allow Automatic Updates immediate installationDisabled
Windows Components/Windows Update/Manage end user experience
PolicySettingComment
Configure Automatic UpdatesDisabled
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
PolicySettingComment
Do not connect to any Windows Update Internet locationsEnabled
Preferences
Windows Settings
Registry
CentralManagementUri (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\WOW6432Node\Avaya\Avaya one-X Agent\Settings
Value nameCentralManagementUri
Value typeREG_SZ
Value datahttps://deffmacm01.emea.tpg.ads/ACCCMONEXCFG/
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ApplicationLaunchWaitTimeoutMS (Order: 2)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI
Value nameApplicationLaunchWaitTimeoutMS
Value typeREG_DWORD
Value data0x57E40 (360000)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
UpdateDefault (Order: 3)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Google\Update
Value nameUpdateDefault
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
RestrictDriverInstallationToAdministrators (Order: 4)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
Value nameRestrictDriverInstallationToAdministrators
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DontUseDesktopChangeRouter (Order: 5)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\EXPLORER.EXE
Value nameDontUseDesktopChangeRouter
Value typeREG_SZ
Value data1
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
SeamlessFlags (Order: 6)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI
Value nameSeamlessFlags
Value typeREG_DWORD
Value data0x2000 (8192)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
SharedComputerLicensing (Order: 7)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing
Value nameSharedComputerLicensing
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
disableAutoUpdate (Order: 8)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Teams
Value namedisableAutoUpdate
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
ProcessWhitelist (Order: 9)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\WOW6432Node\Citrix\WebSocketService
Value nameProcessWhitelist
Value typeREG_MULTI_SZ
Lines
LineValue
1msedgewebview2.exe
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Local Users and Groups
Group (Name: Administrators (built-in))
Administrators (built-in) (Order: 1)
Local Group
ActionUpdate
Properties
Group nameAdministrators (built-in)
Delete all member usersDisabled
Delete all member groupsDisabled
Add members
EMEA\NL-L-SEC-Delegation Local Administration Rights Client HSDS-1-5-21-513466819-3096973226-347852806-1487080
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.