Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
ROBUH-PO-WIN-C-DESKTOP HARDENING-AGENT-ANT
Data collected on: 2-9-2025 11:34:58
General
Details
Domainemea.tpg.ads
OwnerEMEA\trifan.5-adm
Created11-10-2023 11:31:10
Modified12-10-2023 08:58:44
User Revisions59 (AD), 59 (SYSVOL)
Computer Revisions0 (AD), 0 (SYSVOL)
Unique ID{073d9f0f-ddd8-40b9-9ed1-cc1c0fa18295}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ANTNoEnabledemea.tpg.ads/RO/Systems/Clients/ANT

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\ROBU1VMANT01$
S-1-5-21-513466819-3096973226-347852806-1108829
S-1-5-21-513466819-3096973226-347852806-1504198
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\ROBU1VMANT01$Read (from Security Filtering)No
EMEA\RO-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\trifan.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-1108829Read (from Security Filtering)No
S-1-5-21-513466819-3096973226-347852806-1504198Read (from Security Filtering)No
Computer Configuration (Enabled)
No settings defined.
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply Software Restriction Policies to the followingAll software files except libraries (such as DLLs)
Apply Software Restriction Policies to the following usersAll users
When applying Software Restriction PoliciesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEADE File
ADPADP File
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMDB File
MDEMDE File
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source File
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelDisallowed
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified11-10-2023 11:41:36
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified11-10-2023 11:41:36
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel
PolicySettingComment
Prohibit access to Control Panel and PC settingsDisabled
Settings Page VisibilityEnabled
Settings Page Visibility:showonly:keyboard;regionlanguage
Control Panel/Personalization
PolicySettingComment
Prevent changing desktop iconsEnabled
Control Panel/Printers
PolicySettingComment
Browse the network to find printersEnabled
Prevent addition of printersEnabled
Control Panel/Programs
PolicySettingComment
Hide "Programs and Features" pageEnabled
Shared Folders
PolicySettingComment
Allow shared folders to be publishedEnabled
System
PolicySettingComment
Don't run specified Windows applicationsEnabled
List of disallowed applications
cmd.exe
regedit.exe
regedit32.exe
command.com
powershell.exe
viber.exe
avant.exe
azureus.exe
bitcomet.exe
bittornado.exe
bitlord.exe
bling.exe
ctorrent.exe
del.exe
vuze.exe
azureusvuze.exe
gator.exe
gmt.exe
kaz.exe
kazaa.exe
limewire.exe
msblast.exe
ncrvs.exe
nvscv32.exe
pp.exe
q7i1j3n9q3s.exe
rnathchk.exe
runouce.exe
sample.exe
secsvc.exe
Swin32ssr.exe
tds.exe
torrent.exe
tov.exe
U.exe
utorrent.exe
ziptorrent.exe
µTorrent.exe
FirefoxPortable.exe
yahoomessenger.exe
HelpPane.exe
HelpPane.exe
notepad.exe
mspaint.exe
SnippingTool.exe
skype.exe
StikyNot.exe
StikyNot.exe
Skype.exe
wordpad.exe
mstsc.exe
powershell.exe
powershell_ise.exe
Microsoft.Notes.exe
WinStore.App.exe
mmc.exe
ScreenSketch.exe
WhatsApp.exe
Dropbox.exe
firefox.exe
DbxSvc.exe
PolicySettingComment
Prevent access to registry editing toolsEnabled
Disable regedit from running silently?No
PolicySettingComment
Prevent access to the command promptEnabled
Disable the command prompt script processing also?No
System/Ctrl+Alt+Del Options
PolicySettingComment
Remove Task ManagerEnabled
System/Group Policy
PolicySettingComment
Set Group Policy refresh interval for usersEnabled
This setting allows you to customize how often Group Policy is applied
to users. The range is 0 to 44640 minutes (31 days).
Minutes:60
This is a random time added to the refresh interval to prevent
all clients from requesting Group Policy at the same time.
The range is 0 to 1440 minutes (24 hours)
Minutes:30
System/Removable Storage Access
PolicySettingComment
All Removable Storage classes: Deny all accessEnabled
CD and DVD: Deny read accessEnabled
CD and DVD: Deny write accessEnabled
Removable Disks: Deny read accessEnabled
Removable Disks: Deny write accessEnabled
WPD Devices: Deny read accessEnabled
WPD Devices: Deny write accessEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/File Explorer
PolicySettingComment
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsRestrict all drives
PolicySettingComment
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsRestrict all drives
PolicySettingComment
Remove "Map Network Drive" and "Disconnect Network Drive"Enabled
Remove File menu from File ExplorerEnabled
Turn off Windows Key hotkeysEnabled
Windows Components/Internet Explorer
PolicySettingComment
Prevent access to Internet Explorer HelpEnabled
Turn on the auto-complete feature for user names and passwords on formsDisabled
Windows Components/Internet Explorer/Browser menus
PolicySettingComment
File menu: Disable Open menu optionEnabled
Tools menu: Disable Internet Options... menu optionEnabled
Windows Components/Internet Explorer/Delete Browsing History
PolicySettingComment
Allow deleting browsing history on exitEnabled
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Connections pageEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Computer ManagementEnabled
Device ManagerEnabled
Disk ManagementEnabled
Event ViewerEnabled
Event Viewer (Windows Vista)Enabled
Windows Components/Network Sharing
PolicySettingComment
Prevent users from sharing files within their profile.Disabled
Preferences
Windows Settings
Drive Maps
Drive Map (Drive: Z)
Z: (Order: 1)
General
ActionUpdate
Properties
LetterZ
ReconnectDisabled
Label asZ
Use first availableDisabled
Hide/Show this driveShow
Hide/Show all drivesHide
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
DefaultCookiesSetting (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_CURRENT_USER
Key pathSoftware\Policies\Google\Chrome
Value nameDefaultCookiesSetting
Value typeREG_DWORD
Value data0x4 (4)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Run in logged-on user's security context (user policy option)No
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo