Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
UA-PO-SEC-C-Workstations common policy
Data collected on: 2-9-2025 08:51:31
General
Details
Domainemea.tpg.ads
OwnerEMEA\efimov.6
Created9-9-2014 12:28:12
Modified4-10-2024 13:36:58
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions128 (AD), 128 (SYSVOL)
Unique ID{34b593e0-0fe2-4d40-a0b1-3726712ae171}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/UA/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\efimov.6Edit settings, delete, modify securityNo
EMEA\UA-L-SEC-Delegation Full AccessEdit settings, delete, modify securityNo
EMEA\UA-L-SEC-Delegation Group Policy Objects Modify AccessEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
S-1-5-21-513466819-3096973226-347852806-203252ReadNo
Computer Configuration (Enabled)
Policies
Windows Settings
Scripts
Startup
For this GPO, Script order: Not configured
NameParameters
__WS_CommonStartUpScript.cmd
Security Settings
Event Log
PolicySetting
Maximum security log size3145728 kilobytes
System Services
Windows Defender Firewall (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Public Key Policies/Trusted Root Certification Authorities
Certificates
Issued ToIssued ByExpiration DateIntended Purposes
plwa2fwvip.emea.tpg.adsplwa2fwvip.emea.tpg.ads31-3-2025 11:35:16<All>
Zscaler Root CAZscaler Root CA6-5-2042 02:27:55<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Public Key Policies/Trusted Publishers Certificates
Issued ToIssued ByExpiration DateIntended Purposes
plwa2fwvip.emea.tpg.adsplwa2fwvip.emea.tpg.ads31-3-2025 11:35:16<All>

For additional information about individual settings, launch the Local Group Policy Object Editor.
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy versionNot Configured
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/DNS Client
PolicySettingComment
Connection-specific DNS suffixEnabled
DNS suffix:emea.tpg.ads
PolicySettingComment
Dynamic updateEnabled
Primary DNS suffixEnabled
Enter a primary DNS suffix:emea.tpg.ads
PolicySettingComment
Register DNS records with connection-specific DNS suffixEnabled
Register PTR recordsEnabled
Register PTR records:Register only if A record registration succeeds
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Network Connections
PolicySettingComment
Prohibit use of Internet Connection Firewall on your DNS domain networkEnabled
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
Network/Network Connections/Windows Defender Firewall/Standard Profile
PolicySettingComment
Windows Defender Firewall: Protect all network connectionsDisabled
System/Group Policy
PolicySettingComment
Configure Logon Script DelayEnabled
minute:2
PolicySettingComment
Specify startup policy processing wait timeEnabled
Amount of time to wait (in seconds):60
PolicySettingComment
Specify workplace connectivity wait time for policy processingEnabled
Amount of time to wait (in seconds):60
System/Logon
PolicySettingComment
Always wait for the network at computer startup and logonEnabled
System/User Profiles
PolicySettingComment
Wait for remote user profileEnabled
Windows Components/App Privacy
PolicySettingComment
Let Windows apps access the calendarEnabled
Default for all apps:Force Deny
Put user in control of these specific apps (use Package Family Names):
Force allow these specific apps (use Package Family Names):
Force deny these specific apps (use Package Family Names):
Windows Components/AutoPlay Policies
PolicySettingComment
Disallow Autoplay for non-volume devicesEnabled
Set the default behavior for AutoRunEnabled
Default AutoRun BehaviorDo not execute any autorun commands
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/BitLocker Drive Encryption/Operating System Drives
PolicySettingComment
Require additional authentication at startupEnabled
Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)Enabled
Settings for computers with a TPM:
Configure TPM startup:Allow TPM
Configure TPM startup PIN:Allow startup PIN with TPM
Configure TPM startup key:Allow startup key with TPM
Configure TPM startup key and PIN:Allow startup key and PIN with TPM
Windows Components/Data Collection and Preview Builds
PolicySettingComment
Allow device name to be sent in Windows diagnostic dataDisabled
Allow Diagnostic DataDisabled
Do not show feedback notificationsEnabled
Windows Components/Search
PolicySettingComment
Allow Cloud SearchDisabled
Allow CortanaDisabled
Allow Cortana above lock screenDisabled
Allow Cortana Page in OOBE on an AAD accountDisabled
Allow search and Cortana to use locationDisabled
Do not allow web searchEnabled
Don't search the web or display web results in SearchEnabled
Don't search the web or display web results in Search over metered connectionsEnabled
Windows Components/Windows Defender SmartScreen/Explorer
PolicySettingComment
Configure App Install ControlDisabled
Configure Windows Defender SmartScreenDisabled
Preferences
Windows Settings
Files
File (Target Path: %SystemRoot%\System32\drivers\etc\hosts)
hosts file (Order: 1)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{34B593E0-0FE2-4D40-A0B1-3726712AE171}\Machine\files\hosts
Destination file%SystemRoot%\System32\drivers\etc\hosts
Suppress errors on individual file actionsEnabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
File (Target Path: c:\PortableApps\KeePass)
KeePass (Order: 2)
General
ActionReplace
Properties
Source file(s)\\uachefs01.emea.tpg.ads\REMINST\Software\KeePass\*.*
Destination folderc:\PortableApps\KeePass
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Item-level targeting: Filter Group
AttributeValue
boolAND
not0
Item-level targeting: File Match
AttributeValue
boolAND
not1
pathC:\PortableApps\KeePass\KeePass.exe
typeEXISTS
folder0
File (Target Path: c:\PortableApps\KeePass\XSL)
XSL (Order: 3)
General
ActionReplace
Properties
Source file(s)\\uachefs01.emea.tpg.ads\REMINST\Software\KeePass\XSL\*.*
Destination folderc:\PortableApps\KeePass\XSL
Suppress errors on individual file actionsDisabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Item-level targeting: Filter Group
AttributeValue
boolAND
not0
Item-level targeting: File Match
AttributeValue
boolAND
not1
pathC:\PortableApps\KeePass\XSL\KDBX_Styles.css
typeEXISTS
folder0
File (Target Path: c:\temp\ua_remove_nrpt.reg)
ua_remove_nrpt.reg (Order: 4)
General
ActionReplace
Properties
Source file(s)\\emea.tpg.ads\SYSVOL\emea.tpg.ads\Policies\{34B593E0-0FE2-4D40-A0B1-3726712AE171}\Machine\files\ua_remove_nrpt.reg
Destination filec:\temp\ua_remove_nrpt.reg
Suppress errors on individual file actionsEnabled
Attributes
Read-onlyDisabled
HiddenDisabled
ArchiveEnabled
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry
Shell (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value nameShell
Value typeREG_SZ
Value dataexplorer.exe
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AllowElevatedTrustAppsInBrowser (Order: 2)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Silverlight
Value nameAllowElevatedTrustAppsInBrowser
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AllowLaunchOfElevatedTrustApps (Order: 3)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\Silverlight
Value nameAllowLaunchOfElevatedTrustApps
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AllowElevatedTrustAppsInBrowser (Order: 4)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Silverlight
Value nameAllowElevatedTrustAppsInBrowser
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
AllowLaunchOfElevatedTrustApps (Order: 5)
General
ActionCreate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Silverlight
Value nameAllowLaunchOfElevatedTrustApps
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
GpNetworkStartTimeoutPolicyValue (Order: 6)
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value nameGpNetworkStartTimeoutPolicyValue
Value typeREG_DWORD
Value data0x3C (60)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Disable Skype for Desktop update
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Item-level targeting: File Match
AttributeValue
boolAND
not0
pathc:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
typeEXISTS
folder0
Registry item: DisableVersionCheck
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Skype\Phone
Value nameDisableVersionCheck
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Disable RC4
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: Enable
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
Value nameEnable
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: Enable
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
Value nameEnable
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: Enable
General
ActionReplace
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
Value nameEnable
Value typeREG_DWORD
Value data0x0 (0)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Scheduled Tasks
Scheduled Task (At least Windows 7) (Name: Restart McpService.exe)
Restart McpService.exe (Order: 1)
General
ActionUpdate
Task
Name Restart McpService.exe
Author EMEA\kornev.5-adm
Description
Run only when user is logged on
GroupId NT AUTHORITY\System
Run with highest privileges HighestAvailable
Hidden No
Configure for 1.2
Enabled Yes
Triggers
1. Run at user logon
Delay task for 1 minute
Activate 13-10-2021 15:31:49Synchronize across time zones No
Enabled Yes
Actions
1. Start a program
Program/script taskkill.exe
Arguments /IM McpService.exe /F
Settings
Stop if the computer ceases to be idle No
Restart if the idle state resumes No
Start the task only if the computer is on AC power No
Stop if the computer switches to battery power No
Allow task to be run on demand Yes
Stop task if it runs longer than 3 days
If the running task does not end when requested, force it to stop Yes
If the task is already running, then the following rule applies IgnoreNew
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.