| NLCTX-PO-WIN-U-VDI Non-Loopback Hardening | |
| Data collected on: 2-9-2025 09:13:56 | |
| Domain | emea.tpg.ads |
| Owner | EMEA\timmermans.5 |
| Created | 15-5-2018 11:57:32 |
| Modified | 13-8-2025 11:20:56 |
| User Revisions | 317 (AD), 317 (SYSVOL) |
| Computer Revisions | 3 (AD), 3 (SYSVOL) |
| Unique ID | {6a5d5bff-3117-45ca-a9aa-4d4378429005} |
| GPO Status | Computer settings disabled |
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| VDI | No | Enabled | emea.tpg.ads/NL/Systems/CitrixBNL/VDI |
| BOL | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/BOL |
| Eneco | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Eneco |
| IKEA | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/IKEA |
| Lidl | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Lidl |
| Operations | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Operations |
| Samsung | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Samsung |
| Test | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Test |
| Zalando | No | Enabled | emea.tpg.ads/NL/Systems/Test/SBC/Zalando |
| Belvilla | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Belvilla |
| Beter Bed | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Beter Bed |
| BOL | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/BOL |
| Caiway | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Caiway |
| Canada Goose | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Canada Goose |
| Covid Support | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Covid Support |
| Eneco | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Eneco |
| Essent | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Essent |
| Grohe | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Grohe |
| G-star | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/G-star |
| Hello Fresh BE | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Hello Fresh BE |
| IKEA | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/IKEA |
| Jumbo | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Jumbo |
| Lenovo | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Lenovo |
| Samsung | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Samsung |
| Telfort | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Telfort |
| Test | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Test |
| Wehkamp | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Wehkamp |
| Zalando | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Zalando |
| Ziggo | No | Enabled | emea.tpg.ads/NL/Systems/Test/VDI/Ziggo |
| Bol | No | Enabled | emea.tpg.ads/TR/Systems/Citrix/VDI/Bol |
| Name |
|---|
| EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning Restricted |
| EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning Unrestricted |
| EMEA\NLCTX-L-SEC-VDI Default User Settings |
| EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning Restricted |
| EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning Unrestricted |
| EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning Restricted |
| EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning Unrestricted |
| Name | Allowed Permissions | Inherited |
|---|---|---|
| EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning Restricted | Read (from Security Filtering) | No |
| EMEA\BE-L-SEC-Users Laptop Restrictions and Harderning Unrestricted | Read (from Security Filtering) | No |
| EMEA\Domain Admins | Edit settings, delete, modify security | No |
| EMEA\Domain Computers | Read | No |
| EMEA\NLCTX-L-SEC-VDI Default User Settings | Read (from Security Filtering) | No |
| EMEA\NL-L-SEC-Delegation Modify Group Policy Settings Access | Edit settings, delete, modify security | No |
| EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning Restricted | Read (from Security Filtering) | No |
| EMEA\NL-L-SEC-Users Laptop Restrictions and Harderning Unrestricted | Read (from Security Filtering) | No |
| EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning Restricted | Read (from Security Filtering) | No |
| EMEA\SR-L-SEC-Users Laptop Restrictions and Harderning Unrestricted | Read (from Security Filtering) | No |
| NT AUTHORITY\Authenticated Users | Read | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
| ROOT\Enterprise Admins | Edit settings, delete, modify security | No |
| Group | Path |
|---|---|
| EMEA\NLAMS-L-SEC-Folder Redirection Citrix Laptop Users | %DesktopLocation% |
| Grant user exclusive rights to Desktop | Disabled |
| Move the contents of Desktop to the new location | Disabled |
| Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems | Enabled |
| Policy Removal Behavior | Restore contents |
| Configuration Control | Group Policy |
| Primary Computer Evaluation | Not evaluated because primary computer policy is not enabled |
| Group | Path |
|---|---|
| EMEA\NLAMS-L-SEC-Folder Redirection Citrix Laptop Users | %FRDLocation% |
| Grant user exclusive rights to Start Menu | Disabled |
| Move the contents of Start Menu to the new location | Disabled |
| Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems | Enabled |
| Policy Removal Behavior | Restore contents |
| Configuration Control | Group Policy |
| Primary Computer Evaluation | Not evaluated because primary computer policy is not enabled |
| Policy | Setting | Comment |
|---|---|---|
| Show only specified Control Panel items | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Hide Active Directory folder | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Add Search Internet link to Start Menu | Disabled | |
| Clear history of recently opened documents on exit | Enabled | |
| Clear tile notifications during log on | Enabled | |
| Do not allow pinning items in Jump Lists | Enabled | |
| Do not allow pinning programs to the Taskbar | Enabled | |
| Do not allow pinning Store app to the Taskbar | Enabled | |
| Do not search communications | Enabled | |
| Do not search for files | Enabled | |
| Do not search Internet | Enabled | |
| Do not search programs and Control Panel items | Enabled | |
| Do not use the search-based method when resolving shell shortcuts | Enabled | |
| Do not use the tracking-based method when resolving shell shortcuts | Enabled | |
| Hide the notification area | Enabled | |
| Pin Apps to Start when installed | Disabled | |
| Prevent users from adding or removing toolbars | Enabled | |
| Prevent users from customizing their Start Screen | Enabled | |
| Remove All Programs list from the Start menu | Enabled | |
| Remove common program groups from Start Menu | Enabled | |
| Remove Documents icon from Start Menu | Enabled | |
| Remove Downloads link from Start Menu | Enabled | |
| Remove Favorites menu from Start Menu | Enabled | |
| Remove Games link from Start Menu | Enabled | |
| Remove Help menu from Start Menu | Enabled | |
| Remove Homegroup link from Start Menu | Enabled | |
| Remove links and access to Windows Update | Enabled | |
| Remove Music icon from Start Menu | Enabled | |
| Remove Network Connections from Start Menu | Enabled | |
| Remove Network icon from Start Menu | Enabled | |
| Remove Notifications and Action Center | Enabled | |
| Remove Pictures icon from Start Menu | Enabled | |
| Remove pinned programs from the Taskbar | Enabled | |
| Remove pinned programs list from the Start Menu | Enabled | |
| Remove Recent Items menu from Start Menu | Enabled | |
| Remove Recorded TV link from Start Menu | Enabled | |
| Remove Run menu from Start Menu | Enabled | |
| Remove Search Computer link | Enabled | |
| Remove Search link from Start Menu | Enabled | |
| Remove the battery meter | Disabled | |
| Remove the Meet Now icon | Enabled | |
| Remove the networking icon | Enabled | |
| Remove the People Bar from the taskbar | Enabled | |
| Remove the Security and Maintenance icon | Enabled | |
| Remove the volume control icon | Disabled | |
| Remove user folder link from Start Menu | Enabled | |
| Remove Videos link from Start Menu | Enabled | |
| Show QuickLaunch on Taskbar | Disabled | |
| Start Layout | Enabled | |
| Turn off feature advertisement balloon notifications | Enabled | |
| Turn off notification area cleanup | Enabled | |
| Turn off user tracking | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Turn off tile notifications | Enabled | |
| Turn off toast notifications | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Prevent access to registry editing tools | Enabled | |
| Prevent access to the command prompt | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Turn off the Windows Welcome Experience | Enabled |
| Policy | Setting | Comment |
|---|---|---|
| Hide these specified drives in My Computer | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Site to Zone Assignment List | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| End session when time limits are reached | Enabled | |
| Set time limit for disconnected sessions | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Turn off the offer to update to the latest version of Windows | Enabled | |
| Turn off the Store application | Enabled |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects |
| Value name | VisualFXSetting |
| Value type | REG_DWORD |
| Value data | 0x2 (2) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Microsoft\Windows\CurrentVersion\Search |
| Value name | SearchboxTaskbarMode |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Remove Search from taskbar |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Microsoft\Windows\CurrentVersion\Explorer\MultitaskingView\AllUpView |
| Value name | AllUpView |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Restrict and Remove Task View Icon from Windows 10 Taskbar |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications |
| Value name | NoTileApplicationNotification |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Disable Live Tiles in Windows 10 Start Menu |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | System\GameConfigStore |
| Value name | GameDVR_Enabled |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Citrix\Receiver |
| Value name | EnableFTU |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Citrix\Receiver |
| Value name | HideAddAccountOnRestart |
| Value type | REG_DWORD |
| Value data | 0x1 (1) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Delete |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Microsoft\Windows\CurrentVersion\Run |
| Value name | OneDriveSetup |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Apply once and do not reapply | No |
| Action | Create |
| Hive | HKEY_CURRENT_USER |
| Key path | SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Serialize |
| Value name | StartupDelayInMSec |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |
| Action | Update |
| Hive | HKEY_CURRENT_USER |
| Key path | Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask |
| Value name | State |
| Value type | REG_DWORD |
| Value data | 0x0 (0) |
| Stop processing items on this extension if an error occurs on this item | No |
| Run in logged-on user's security context (user policy option) | No |
| Remove this item when it is no longer applied | No |
| Apply once and do not reapply | No |