Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
RO-PO-WIN-U-Windows 11 Hardening PCI
Data collected on: 2-9-2025 12:25:27
General
Details
Domainemea.tpg.ads
OwnerEMEA\trifan.5-adm
Created5-11-2024 11:01:52
Modified29-7-2025 15:24:08
User Revisions71 (AD), 71 (SYSVOL)
Computer Revisions1 (AD), 1 (SYSVOL)
Unique ID{d1481031-e399-4dee-9df9-0cc67cf97f83}
GPO StatusComputer settings disabled
Links
LocationEnforcedLink StatusPath
AgentsNoEnabledemea.tpg.ads/RO/Agents
StaffNoEnabledemea.tpg.ads/RO/Staff

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
None
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Janadri.5-tCustomNo
Computer Configuration (Disabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified25-6-2024 11:42:19
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified25-6-2024 11:42:19
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Personalization
PolicySettingComment
Prevent changing desktop backgroundEnabled
Desktop
PolicySettingComment
Do not add shares of recently opened documents to Network LocationsEnabled
Hide Network Locations icon on desktopEnabled
Prevent adding, dragging, dropping and closing the Taskbar's toolbarsEnabled
Prohibit User from manually redirecting Profile FoldersEnabled
Remove Properties from the Computer icon context menuEnabled
Remove Properties from the Recycle Bin context menuEnabled
Remove Recycle Bin icon from desktopEnabled
Microsoft Edge
PolicySettingComment
Allow importing of payment infoDisabled
Allow importing of saved passwordsDisabled
Allow or deny screen captureDisabled
Define a list of allowed URLsEnabled
Define a list of allowed URLs
edge://downloads/
PolicySettingComment
Enable AutoFill for addressesDisabled
Enable AutoFill for payment instrumentsDisabled
Enable the Collections featureDisabled
Enable the Screenshot (previously named Web Capture) feature in Microsoft EdgeDisabled
Hide the First-run experience and splash screenEnabled
Microsoft Edge/Content settings
PolicySettingComment
Configure cookiesEnabled
Configure cookiesKeep cookies for the duration of the session, except ones listed in "SaveCookiesOnExit"
Microsoft Edge/Extensions
PolicySettingComment
Control which extensions cannot be installedEnabled
Extension IDs the user should be prevented from installing (or * for all)
*
Microsoft Edge/Password manager and protection
PolicySettingComment
Enable saving passwords to the password managerDisabled
Shared Folders
PolicySettingComment
Allow shared folders to be publishedDisabled
Start Menu and Taskbar
PolicySettingComment
Clear history of recently opened documents on exitEnabled
Clear tile notifications during log onEnabled
Disable context menus in the Start MenuEnabled
Disable showing balloon notifications as toasts.Enabled
Do not allow pinning items in Jump ListsEnabled
Do not allow pinning programs to the TaskbarEnabled
Do not allow pinning Store app to the TaskbarEnabled
Do not display any custom toolbars in the taskbarEnabled
Do not display or track items in Jump Lists from remote locationsEnabled
Do not keep history of recently opened documentsEnabled
Do not use the search-based method when resolving shell shortcutsEnabled
Force Start to be either full screen size or menu sizeEnabled
Choose one of the following sizesStart menu
PolicySettingComment
Hide the notification areaEnabled
Lock all taskbar settingsEnabled
Lock the TaskbarEnabled
Prevent changes to Taskbar and Start Menu SettingsEnabled
Prevent users from adding or removing toolbarsEnabled
Prevent users from customizing their Start ScreenEnabled
Prevent users from moving taskbar to another screen dock locationEnabled
Prevent users from rearranging toolbarsEnabled
Prevent users from resizing the taskbarEnabled
Prevent users from uninstalling applications from StartEnabled
Remove "Recently added" list from Start MenuEnabled
Remove access to the context menus for the taskbarEnabled
Remove All Programs list from the Start menuEnabled
Choose one of the following actionsRemove and disable setting
PolicySettingComment
Remove common program groups from Start MenuEnabled
Remove links and access to Windows UpdateEnabled
Remove Notifications and Action CenterNot ConfiguredThis policy makes the keyboard layouts not working
Remove pinned programs from the TaskbarNot ConfiguredEnable for File Explorer and Microsoft Edge Pinned Taskbar
Remove Quick SettingsEnabled
Remove Recommended section from Start MenuEnabled
Remove See More Results / Search Everywhere linkEnabled
Remove the Meet Now iconEnabled
Remove the networking iconEnabled
Remove the People Bar from the taskbarEnabled
Remove the Security and Maintenance iconEnabled
Remove the volume control iconDisabledShow Volume
Show or hide "Most used" list from Start menuEnabled
Choose one of the following actionsHide
PolicySettingComment
Show QuickLaunch on TaskbarEnabled
Show Start on the display the user is using when they press the Windows logo keyEnabled
Show the Apps view automatically when the user goes to StartDisabled
Show Windows Store apps on the taskbarDisabled
Turn off all balloon notificationsEnabled
Turn off automatic promotion of notification icons to the taskbarEnabled
Turn off feature advertisement balloon notificationsEnabled
Turn off notification area cleanupEnabled
Start Menu and Taskbar/Notifications
PolicySettingComment
Turn off notification mirroringEnabled
System
PolicySettingComment
Do not display the Getting Started welcome screen at logonEnabled
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?No
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
System/Ctrl+Alt+Del Options
PolicySettingComment
Remove Task ManagerEnabled
Windows Components/Attachment Manager
PolicySettingComment
Default risk level for file attachmentsEnabled
Set the default risk levelLow Risk
PolicySettingComment
Do not preserve zone information in file attachmentsEnabled
Inclusion list for low file typesEnabled
Specify low risk extensions (include a leading period, e.g. .bmp;.gif;)..lnk
Windows Components/Cloud Content
PolicySettingComment
Configure Windows spotlight on lock screenDisabled
Do not suggest third-party content in Windows spotlightEnabled
Do not use diagnostic data for tailored experiencesEnabled
Turn off all Windows spotlight featuresEnabled
Turn off the Windows Welcome ExperienceEnabled
Turn off Windows Spotlight on Action CenterEnabled
Turn off Windows Spotlight on SettingsEnabled
Windows Components/File Explorer
PolicySettingComment
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbonEnabled
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict A, B, C and D drives only
PolicySettingComment
Hides the Manage item on the File Explorer context menuEnabled
Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
Remove CD Burning featuresEnabled
Remove DFS tabEnabled
Remove File Explorer's default context menuEnabled
Remove File menu from File ExplorerEnabled
Remove Hardware tabEnabled
Remove Security tabEnabled
Remove the Search the Internet "Search again" linkEnabled
Turn off caching of thumbnail picturesEnabled
Turn off display of recent search entries in the File Explorer search boxEnabled
Turn off Windows Key hotkeysEnabled
Windows Components/File Explorer/Previous Versions
PolicySettingComment
Hide previous versions list for remote filesEnabled
Prevent restoring remote previous versionsEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Computer ManagementEnabled
Local Users and GroupsEnabled
Windows Components/Store
PolicySettingComment
Turn off the offer to update to the latest version of WindowsEnabled
Turn off the Store applicationEnabled
Windows Components/Windows Copilot
PolicySettingComment
Turn off Windows CopilotEnabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Do not automatically start Windows Messenger initiallyEnabled
Preferences
Windows Settings
Drive Maps
Drive Map (Drive: O)
O: (Order: 1)
General
ActionDelete
Properties
LetterO
Delete all starting at specified driveDisabled
Hide/Show all drivesNo change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
Drive Map (Drive: P)
P: (Order: 2)
General
ActionDelete
Properties
LetterP
Delete all starting at specified driveDisabled
Hide/Show all drivesNo change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
Files
File (Target Path: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Run.lnk)
Run.lnk (Order: 1)
General
ActionDelete
Properties
Destination file%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Run.lnk
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
File (Target Path: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Control Panel.lnk)
Control Panel.lnk (Order: 2)
General
ActionDelete
Properties
Destination file%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Control Panel.lnk
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
File (Target Path: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Command Prompt.lnk)
Command Prompt.lnk (Order: 3)
General
ActionDelete
Properties
Destination file%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System\Command Prompt.lnk
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
Folders
Folder (Path: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2)
Group2 (Order: 1)
General
ActionUpdate
Attributes
Path%USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3 )
Group3 (Order: 2)
General
ActionUpdate
Attributes
Path%USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3
Read-onlyDisabled
HiddenEnabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Folder (Path: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell)
Windows PowerShell (Order: 3)
General
ActionDelete
Attributes
Path%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Enabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersEnabled
Ignore errors for files/folders that cannot be deletedEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
Folder (Path: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System)
Windows System (Order: 4)
General
ActionDelete
Attributes
Path%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System
Delete this folder (if emptied)Enabled
Recursively delete all subfolders (if emptied)Enabled
Delete all files in the folder(s)Enabled
Allow deletion of read-only files/foldersEnabled
Ignore errors for files/folders that cannot be deletedEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
Registry
NoRun (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Apply once and do not reapplyNo
NoRun (Order: 2)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value nameNoRun
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
{59031a47-3f72-44a7-89c5-5595fe6b30ee} (Order: 3)
General
ActionReplace
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Value name{59031a47-3f72-44a7-89c5-5595fe6b30ee}
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AutoRepeatDelay (Order: 4)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameAutoRepeatDelay
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AutoRepeatRate (Order: 5)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameAutoRepeatRate
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
BounceTime (Order: 6)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameBounceTime
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DelayBeforeAcceptance (Order: 7)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameDelayBeforeAcceptance
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Flags (Order: 8)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameFlags
Value typeREG_SZ
Value data126
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Last BounceKey Setting (Order: 9)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameLast BounceKey Setting
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Last Valid Delay (Order: 10)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameLast Valid Delay
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Last Valid Repeat (Order: 11)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameLast Valid Repeat
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Last Valid Wait (Order: 12)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathControl Panel\Accessibility\Keyboard Response
Value nameLast Valid Wait
Value typeREG_DWORD
Value data0x3E8 (1000)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
disablescreenclippings (Order: 13)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathsoftware\policies\microsoft\office\16.0\common\insert media\screenshot
Value namedisablescreenclippings
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
TaskbarMn (Order: 14)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value nameTaskbarMn
Value typeREG_SZ
Value data0
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo