Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
PT-PO-WIN-ADM-C-Restrictions PCI With New EMEA
Data collected on: 2-9-2025 11:24:58
General
Details
Domainemea.tpg.ads
OwnerEMEA\silva.12303-adm
Created24-7-2023 12:48:16
Modified31-3-2025 17:49:02
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions264 (AD), 264 (SYSVOL)
Unique ID{0285d958-dddb-48ff-8d0c-fbebd842f9e1}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/PT/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
None
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\PT-L-SEC-C-W11 Hardening PCICustomNo
Computer Configuration (Enabled)
Policies
Windows Settings
Scripts
Startup
For this GPO, Script order: Windows PowerShell scripts will run first
NameParameters
remove_winkey.bat
Security Settings
Local Policies/Security Options
Network Access
PolicySetting
Network access: Do not allow storage of passwords and credentials for network authenticationEnabled
File System
%SystemRoot%\System32\osk.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
DenyAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESFull ControlThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified11-1-2024 12:19:33
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified11-1-2024 12:19:33
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy
Security LevelDisallowed
DescriptionDisable Search W10
Date last modified11-1-2024 12:21:35
C:\Windows\SystemApps\Microsoft.Windows.Search*
Security LevelDisallowed
DescriptionDisable Search W10> 21H1
Date last modified11-1-2024 12:22:07
Policy-based QoS
QoS Policies
Policy NameDSCP ValueThrottle Rate (KBps) Policy Conditions
uAgent46Not SpecifiedProtocol: TCP
Application: uagentwindows.exe
Source IP: Any
Destination IP: Any
Source Port: Any
Destination Port: Any

Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Allow Online TipsDisabled
Google/Google Chrome
PolicySettingComment
Allow user feedbackDisabled
Google/Google Chrome/Google Cast
PolicySettingComment
Enable Google CastDisabled28467290
Show the Google Cast toolbar iconDisabled28467290
Microsoft Edge
PolicySettingComment
Ads setting for sites with intrusive adsEnabled
Ads setting for sites with intrusive adsBlock ads on sites with intrusive ads. (Default value)
PolicySettingComment
Allow user feedbackDisabled
Microsoft Edge/Cast
PolicySettingComment
Enable Google CastDisabled28467290
Show the cast icon in the toolbarDisabled28467290
System/Group Policy
PolicySettingComment
Configure Logon Script DelayEnabled
minute:1
System/Logon
PolicySettingComment
Show first sign-in animation Disabled
System/Troubleshooting and Diagnostics/Scheduled Maintenance
PolicySettingComment
Configure Scheduled Maintenance BehaviorDisabled
Windows Components/Application Compatibility
PolicySettingComment
Turn off Application TelemetryEnabled
Turn off Inventory CollectorEnabled
Turn off Steps RecorderEnabled
Windows Components/Cloud Content
PolicySettingComment
Do not show Windows tipsEnabled
Turn off Microsoft consumer experiencesEnabled
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow Diagnostic DataEnabled
Diagnostic data off (not recommended)
PolicySettingComment
Do not show feedback notificationsEnabled
Windows Components/Location and Sensors
PolicySettingComment
Turn off locationEnabled
Turn off sensorsEnabled
Windows Components/Microsoft Defender Antivirus/Client Interface
PolicySettingComment
Enable headless UI modeDisabled
Windows Components/Microsoft Edge
PolicySettingComment
Configure Password ManagerDisabledBlock Credential Manager - 17577966
Windows Components/OneDrive
PolicySettingComment
Prevent OneDrive files from syncing over metered connectionsEnabled
Metered Network SettingBlock syncing on all metered connections
PolicySettingComment
Prevent the usage of OneDrive for file storageEnabled
Prevent the usage of OneDrive for file storage on Windows 8.1Enabled
Save documents to OneDrive by defaultDisabled
Windows Components/Online Assistance
PolicySettingComment
Turn off Active HelpEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment
PolicySettingComment
Remove Windows Security item from Start menuEnabled
Windows Components/Search
PolicySettingComment
Allow CortanaDisabled
Allow Cortana above lock screenDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Fully disable Search UIEnabledDisable Search on StartMenu and TaskBar
Windows Components/Security Center
PolicySettingComment
Turn on Security Center (Domain PCs only)Enabled
Windows Components/Store
PolicySettingComment
Only display the private store within the Microsoft StoreEnabled
Turn off Automatic Download and Install of updatesEnabled
Turn off the offer to update to the latest version of WindowsEnabled
Turn off the Store applicationEnabled
Windows Components/Sync your settings
PolicySettingComment
Do not syncEnabled
Allow users to turn syncing on.Disabled
PolicySettingComment
Do not sync personalizeEnabled
Allow users to turn "personalize" syncing on.Disabled
Windows Components/Windows Calendar
PolicySettingComment
Turn off Windows CalendarEnabled
Windows Components/Windows Error Reporting
PolicySettingComment
Disable Windows Error ReportingEnabled
Windows Components/Windows Game Recording and Broadcasting
PolicySettingComment
Enables or disables Windows Game Recording and BroadcastingDisabled
Windows Components/Windows Hello for Business
PolicySettingComment
Use Windows Hello for BusinessDisabled
Windows Components/Windows Ink Workspace
PolicySettingComment
Allow suggested apps in Windows Ink WorkspaceDisabled
Allow Windows Ink WorkspaceEnabled
Choose one of the following actionsDisabled
Windows Components/Windows Mail
PolicySettingComment
Turn off Windows Mail applicationEnabled
Windows Components/Windows Media Player
PolicySettingComment
Do Not Show First Use Dialog BoxesEnabled
Prevent Automatic UpdatesEnabled
Prevent Desktop Shortcut CreationEnabled
Prevent Media SharingEnabled
Prevent Quick Launch Toolbar Shortcut CreationEnabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Windows Components/Windows Mobility Center
PolicySettingComment
Turn off Windows Mobility CenterEnabled
Windows Components/Windows PowerShell
PolicySettingComment
Turn on Script ExecutionEnabled
Execution PolicyAllow all scripts
Preferences
Windows Settings
Files
File (Target Path: C:\Bin\DeleteXMLFilesAltitude.ps1)
DeleteXMLFilesAltitude.ps1 (Order: 1)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\pt\Lisbon-CIT\Clients\Settings\GPO\Scripts\Altitude\DeleteXMLFilesAltitude.ps1
Destination fileC:\Bin\DeleteXMLFilesAltitude.ps1
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Registry
DisableAntiSpyware (Order: 1)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender
Value nameDisableAntiSpyware
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
AutoDownload (Order: 2)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate
Value nameAutoDownload
Value typeREG_DWORD
Value data0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
DisableWindowsConsumerFeatures (Order: 3)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\CloudContent
Value nameDisableWindowsConsumerFeatures
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Start (Order: 4)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\SecurityHealthService
Value nameStart
Value typeREG_DWORD
Value data0x3 (3)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
HideSystray (Order: 5)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows Defender\Systray
Value nameHideSystray
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
DisableFeeds Create (Order: 6)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\Windows Feeds
Value nameEnableFeeds
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
DisableFeeds update (Order: 7)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\Windows Feeds
Value nameEnableFeeds
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
{031E4825-7B94-4dc3-B131-E946B44C8DD5} (Order: 8)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
NoRun (Order: 9)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
EditFavoritesEnabled (Order: 10)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft
Value nameEditFavoritesEnabled
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Description
Prevent changes to Favorites on Microsoft Edge
Type (Order: 11)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\ActionCenter\Quick Actions\All\SystemSettings_Device_BluetoothQuickAction
Value nameType
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Description
Remove "Bluetooh" form Action Center
Scancode Map (Order: 12)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Keyboard Layout
Value nameScancode Map
Value typeREG_BINARY
Value data0000000000000000040000002AE037E0000037E00000540000000000
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Disabling the Print Screen / PrtScrn key
SearchboxTaskbarMode (Order: 13)
General
ActionCreate
Properties
HiveHKEY_CURRENT_USER (HKU\.DEFAULT)
Key pathSoftware\Microsoft\Windows\CurrentVersion\Search
Value nameSearchboxTaskbarMode
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Description
Deny Search Win10 (Cortana)
Control Panel Settings
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: AltitudeDeleteXMLFiles)
AltitudeDeleteXMLFiles (Order: 1)
General
ActionReplace
Task
Name AltitudeDeleteXMLFiles
Author EMEA\rodrigues.1104-adm
Description
Run only when user is logged on InteractiveToken
UserId NT AUTHORITY\System
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.3
Enabled Yes
Triggers
1. Run at user logon
Delay task for 30 seconds
Activate 23-9-2020 15:44:49Synchronize across time zones No
Enabled Yes
Actions
1. Start a program
Program/script %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe
Arguments -ExecutionPolicy Bypass -File "C:\Bin\DeleteXMLFilesAltitude.ps1"
Settings
Stop if the computer ceases to be idle No
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power No
Allow task to be run on demand No
Stop task if it runs longer than 2 hours
If the running task does not end when requested, force it to stop No
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedYes
Services
Service (Name: wmiApSrv)
wmiApSrv (Order: 1)
General
Service namewmiApSrv
ActionStart service
Startup type:Automatic
Wait timeout if service is locked:30 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Service (Name: AppXSvc)
AppXSvc (Order: 2)
General
Service nameAppXSvc
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Service (Name: Sense)
Sense (Order: 3)
General
Service nameSense
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Service (Name: WdNisSvc)
WdNisSvc (Order: 4)
General
Service nameWdNisSvc
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Service (Name: WinDefend)
WinDefend (Order: 5)
General
Service nameWinDefend
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Service (Name: bthserv)
bthserv (Order: 6)
General
Service namebthserv
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Block Bluetooth
Service (Name: BTAGService)
BTAGService (Order: 7)
General
Service nameBTAGService
ActionStop service
Startup type:Disabled
Wait timeout if service is locked:0 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Description
Block Bluetooth
User Configuration (Disabled)
No settings defined.