Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
RU-PO-WIN-C-Servers Hardening Policy
Data collected on: 2-9-2025 11:00:20
General
Details
Domainemea.tpg.ads
OwnerEMEA\efimov.6-adm
Created14-12-2022 10:39:02
Modified13-2-2025 14:57:24
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions67 (AD), 67 (SYSVOL)
Unique ID{ea654257-fb2c-4386-8bae-99e35b540254}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ServersNoEnabledemea.tpg.ads/RU/Systems/Servers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\efimov.6-admEdit settings, delete, modify securityNo
EMEA\RU-L-SEC-Delegation Group Policy Objects Modify AccessEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Scripts
Startup
For this GPO, Script order: Not configured
NameParameters
_Servers_hardening.cmd
Security Settings
Local Policies/User Rights Assignment
PolicySetting
Shut down the systemBUILTIN\Administrators
Local Policies/Security Options
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators
Interactive Logon
PolicySetting
Interactive logon: Number of previous logons to cache (in case domain controller is not available)0 logons
Interactive logon: Require Domain Controller authentication to unlock workstationEnabled
Network Security
PolicySetting
Network security: Minimum session security for NTLM SSP based (including secure RPC) serversEnabled
Require NTLMv2 session securityEnabled
Require 128-bit encryptionEnabled
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Printers
PolicySettingComment
Limits print driver installation to AdministratorsEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require use of specific security layer for remote (RDP) connectionsEnabled
Security LayerSSL
Choose the security layer from the drop-down list.
PolicySettingComment
Server authentication certificate templateEnabled
Certificate Template NameTPEMEA-RDPAE2years
PolicySettingComment
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
Windows Components/Smart Card
PolicySettingComment
Allow ECC certificates to be used for logon and authenticationEnabled
Preferences
Windows Settings
Registry
EnableCertPaddingCheck (Order: 1)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Cryptography\Wintrust\Config
Value nameEnableCertPaddingCheck
Value typeREG_SZ
Value data1
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
EnableCertPaddingCheck (Order: 2)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config
Value nameEnableCertPaddingCheck
Value typeREG_SZ
Value data1
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Services
Service (Name: SCardSvr)
SCardSvr (Order: 1)
General
Service nameSCardSvr
ActionNo change
Startup type:Automatic
Wait timeout if service is locked:30 seconds
Service Account
Log on service as:No change
Recovery
First failure:No change
Second failure:No change
Subsequent failures:No change
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.