Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
PLKAT-PO-WIN-ADM-U-Restrictions Backoffice (Lenovo QA&SV)
Data collected on: 2-9-2025 09:55:44
General
Details
Domainemea.tpg.ads
OwnerS-1-5-21-513466819-3096973226-347852806-383093
Created6-4-2021 18:02:06
Modified10-1-2025 12:33:38
User Revisions60 (AD), 60 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{246f61ec-b956-41f1-b05a-196ee5e9dfbb}
GPO StatusComputer settings disabled
Links
LocationEnforcedLink StatusPath
PLNoEnabledemea.tpg.ads/PL

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\PLKAT-L-SEC-Restrictions Backoffice Lenovo QA&SV
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\PLKAT-L-SEC-Restrictions Backoffice Lenovo QA&SVRead (from Security Filtering)No
EMEA\PL-L-SEC-Delegation Modify Group Policy Settings AccessEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Disabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Connections pageDisabled
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified2-4-2021 12:41:21
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified2-4-2021 12:41:21
C:\WINDOWS\system32\rsop.msc
Security LevelDisallowed
Description
Date last modified2-4-2021 12:42:25
C:\WINDOWS\system32\secpol.msc
Security LevelDisallowed
Description
Date last modified2-4-2021 12:41:52
C:\WINDOWS\system32\services.msc
Security LevelDisallowed
Description
Date last modified2-4-2021 12:43:04
Folder Redirection
Links
Setting: Not configured
Start Menu
Setting: Not configured
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Always open All Control Panel Items when opening Control PanelEnabled
Settings Page VisibilityEnabled
Settings Page Visibility:showonly:windowsupdate;display;regionlanguage;defaultapps;dateandtime;typing;taskbar;mousetouchpad;ms-settings:network-wifi;ms-availablenetworks;ms-settings:network-wifisettings;
PolicySettingComment
Show only specified Control Panel itemsEnabled
List of allowed Control Panel items
Microsoft.Mouse
Microsoft.Display
Microsoft.DevicesAndPrinters
Microsoft.RegionalAndLanguageOptions
Microsoft.DateAndTime
Microsoft.Display
Microsoft.Sound
Microsoft.Mouse
MLCFG32.CPL
Microsoft.CredentialManager
Microsoft.DefaultPrograms
Control Panel/Personalization
PolicySettingComment
Prevent changing desktop backgroundDisabled
Desktop
PolicySettingComment
Hide Network Locations icon on desktopEnabled
Remove the Desktop Cleanup WizardEnabled
Shared Folders
PolicySettingComment
Allow shared folders to be publishedDisabled
Start Menu and Taskbar
PolicySettingComment
Add Logoff to the Start MenuEnabled
Force classic Start MenuEnabled
Prevent users from customizing their Start ScreenEnabled
Remove Help menu from Start MenuEnabled
Remove links and access to Windows UpdateEnabled
Remove Music icon from Start MenuEnabled
Remove Network Connections from Start MenuEnabled
Remove Network icon from Start MenuEnabled
Remove Pictures icon from Start MenuEnabled
Remove Recent Items menu from Start MenuEnabled
Remove Run menu from Start MenuEnabled
Remove user folder link from Start MenuEnabled
Show QuickLaunch on TaskbarEnabled
System
PolicySettingComment
Don't run specified Windows applicationsEnabled
List of disallowed applications
powershell.exe
powershell_ise.exe
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?No
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
System/Ctrl+Alt+Del Options
PolicySettingComment
Remove Task ManagerEnabled
System/Removable Storage Access
PolicySettingComment
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Windows Components/Attachment Manager
PolicySettingComment
Default risk level for file attachmentsEnabled
Set the default risk levelLow Risk
PolicySettingComment
Do not preserve zone information in file attachmentsEnabled
Inclusion list for low file typesEnabled
Specify low risk extensions (include a leading period, e.g. .bmp;.gif;)..lnk
Windows Components/File Explorer
PolicySettingComment
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbonEnabled
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict C drive only
PolicySettingComment
Hides the Manage item on the File Explorer context menuEnabled
No Computers Near Me in Network LocationsEnabled
No Entire Network in Network LocationsEnabled
Remove CD Burning featuresEnabled
Remove File Explorer's default context menuDisabled
Remove Shared Documents from My ComputerEnabled
Turn off caching of thumbnail picturesEnabled
Turn off Windows Key hotkeysEnabled
Turn on Classic ShellDisabled
Windows Components/Internet Explorer
PolicySettingComment
Turn off tabbed browsingDisabled
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Advanced pageEnabled
Disable the Connections pageEnabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Empty Temporary Internet Files folder when browser is closedEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Computer ManagementDisabled
Local Users and GroupsDisabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Policies\Microsoft\WindowsMovieMaker\MovieMaker1
Preferences
Windows Settings
Registry
{031E4825-7B94-4dc3-B131-E946B44C8DD5} (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 2)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 3)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedYes
{59031a47-3f72-44a7-89c5-5595fe6b30ee} (Order: 4)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Value name{59031a47-3f72-44a7-89c5-5595fe6b30ee}
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedYes
{26EE0668-A00A-44D7-9371-BEB064C98683} (Order: 5)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} (Order: 6)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
DisablePersonalDirChange (Order: 7)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameDisablePersonalDirChange
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Remove this item when it is no longer appliedYes
Shortcuts
Shortcut (Path: Shares$ CTMAD)
Shares$ CTMAD (Order: 1)
General
ActionDelete
Attributes
Target typeFile system object
Shortcut pathShares$ CTMAD
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)Yes
Apply once and do not reapplyNo
Control Panel Settings
Internet Settings
Internet Explorer 10: Internet Explorer 10 (Order: 1)
General
Home page
Main tabhttps://plnews.emea.tpg.ads
Startup
Startup optionsStart with tabs from the last session
Browsing history
Delete browsing history on exitYes
Security
Security levels
InternetMedium-high
Internet
Enable Protected ModeEnabled
Privacy
Turn on Pop-up BlockerEnabled
Never allow websites to request your physical locationDisabled
Disable toolbars and extensions when InPrivate Browsing startsEnabled
Connections
Dial-up settings
Connection behaviorNever dial a connection
Local Area Network (LAN) settings
Automatically detect settingsNo
Use automatic configuration scripthttp://deffmproxyrr.emea.tpg.ads/cfg/config.pac
Proxy server
Use a proxy server for your LAN (These settings will not apply to a dial-up or VPN connections)No
Programs
Choose how you open links
Choose how you open linksAlways in Internet Explorer on the desktop
Open Internet Explorer tiles on the desktopEnabled
Advanced
Accelerated graphics
User software rendering instead of GPU renderingEnabled
Accessibility
Always expand ALT text for imagesDisabled
Enable Caret Browser for new windows and tabsDisabled
Move system caret with focus/selection changesDisabled
Play system soundsDisabled
Reset text size to medium for new windows and tabsDisabled
Reset Zoom level for new windows and tabsDisabled
Browsing
Automatically recover from page layout errors with Compatibility ViewEnabled
Close unused folders in History and Favorites (requires restart)Disabled
Disable Script debugging (Internet Explorer)Enabled
Disable Script debugging (Other)Enabled
Display a notification about every script errorDisabled
Display Accelerator button on selectionDisabled
Enable automatic crash recoveryEnabled
Enable flip aheadDisabled
Enable FTP folder view (outside of Internet Explorer)Enabled
Enable Suggested SitesDisabled
Enable third-party browser extensions (requires restart)Disabled
Enable visual styles on buttons and controls in webpagesEnabled
Enable websites to use the search paneDisabled
Go to an intranet site for a single word entry in the Address barDisabled
Notify when downloads completeEnabled
Reuse windows for launching shortcutsEnabled
Show Friendly HTTP Error messagesEnabled
Tell me if Internet Explorer is not the default web browserEnabled
Underline linksAlways
Use inline AutoCompleteEnabled
Use inline Autocomplete in File Explorer and Run DialogDisabled
Use most recent order when switching tabs with Ctrl+TabDisabled
Use Passive FTP (for firewall and DSL model compatibility)Enabled
Use smooth scrollingEnabled
HTTP 1.1 settings
Use HTTP 1.1Enabled
Use HTTP 1.1 through proxy connectionsEnabled
International
Always show encoded addressesDisabled
Send IDN server namesEnabled
Send IDN server names for Intranet addressesDisabled
Send UTF-8 URLsEnabled
Show Information Bar for encoded addressesEnabled
Multimedia
Enable alternative codecs in HTML5 media elementsEnabled
Enable Automatic Image ResizingEnabled
Play animations in webpagesDisabled
Play sounds in webpagesDisabled
Show image download placeholdersDisabled
Show picturesEnabled
Security
Allow active content from CDs to run on My ComputerDisabled
Allow active content to run in files on My ComputerDisabled
Always send Do Not Track headerDisabled
Allow software to run or install even if the signature is invalidDisabled
Block unsecured images with other mixed contentDisabled
Check for publisher's certificate revocationEnabled
Check for server certificate revocation (requires restart)Enabled
Check for signatures on downloaded programsEnabled
Do not save encrypted pages to diskEnabled
Empty Temporary Internet Files folder when browser is closedEnabled
Enable memory protection to help mitigate online attacksDisabled
Enable DOM StorageEnabled
Enable Enhanced Protected ModeEnabled
Enable Integrated Windows Authentication (requires restart)Enabled
Enable native XMLHTTP supportEnabled
Enable SmartScreen FilterDisabled
Use SSL 2.0Disabled
Use SSL 3.0Enabled
Use TLS 1.0Enabled
Use TLS 1.1Enabled
Use TLS 1.2Enabled
Warn about certificate address mismatchEnabled
Warn if changing between secure and not secure modeEnabled
Warn if POST submittal is redirected to a zone that does not permit postsEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo