Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
XKPRN-PO-WIN-C-PCI_GESCP_Restrictions-All
Data collected on: 2-9-2025 09:57:13
General
Details
Domainemea.tpg.ads
OwnerEMEA\bahtiri.5-adm
Created7-5-2021 23:09:56
Modified1-4-2025 11:34:38
User Revisions2 (AD), 2 (SYSVOL)
Computer Revisions117 (AD), 117 (SYSVOL)
Unique ID{262b20fc-3c75-4473-b206-ed462b4ad7e7}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
PRNNoEnabledemea.tpg.ads/XK/Systems/Clients/PRN

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\XK-L-SEC-Computer PCI Restrictions Test
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\bahtiri.5-admEdit settings, delete, modify securityNo
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\XK-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\XK-L-SEC-Computer PCI Restrictions TestRead (from Security Filtering)No
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingSuccess, Failure
Audit system eventsSuccess, Failure
Local Policies/Security Options
Accounts
PolicySetting
Accounts: Administrator account statusEnabled
Accounts: Guest account statusDisabled
Accounts: Rename administrator account"tpaxkadm"
Accounts: Rename guest account"localguest"
Domain Member
PolicySetting
Domain member: Maximum machine account password age60 days
Interactive Logon
PolicySetting
Interactive logon: Do not require CTRL+ALT+DELDisabled
Interactive logon: Don't display last signed-inEnabled
Interactive logon: Message text for users attempting to log onThis computer system is the property of Teleperformance., Use of this computer system is restricted to official Teleperformance business., Teleperformance reserves the right to monitor use of the computer system at any time., Use of this system constitutes consent to such monitoring., Any unauthorized access, use, or modification of the computer system can result in civil, liability and/or criminal penalties.
Interactive logon: Message title for users attempting to log on"WARNING: IF YOU ARE NOT AUTHORIZED TO LOGON TO THIS PC,DON'T TRY TO LOGON!"
Interactive logon: Number of previous logons to cache (in case domain controller is not available)0 logons
Interactive logon: Prompt user to change password before expiration14 days
Interactive logon: Require Domain Controller authentication to unlock workstationEnabled
Microsoft Network Client
PolicySetting
Microsoft network client: Digitally sign communications (if server agrees)Enabled
Microsoft network client: Send unencrypted password to third-party SMB serversDisabled
Microsoft Network Server
PolicySetting
Microsoft network server: Digitally sign communications (always)Enabled
Microsoft network server: Digitally sign communications (if client agrees)Enabled
Network Access
PolicySetting
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabled
Network Security
PolicySetting
Network security: Do not store LAN Manager hash value on next password changeEnabled
Network security: LAN Manager authentication levelSend NTLMv2 response only. Refuse LM & NTLM
Shutdown
PolicySetting
Shutdown: Clear virtual memory pagefileEnabled
Other
PolicySetting
Interactive logon: Machine account lockout threshold5 invalid logon attempts
Interactive logon: Machine inactivity limit300 seconds
System Services
Windows Defender Firewall (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Remote Registry (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Update (Startup Mode: Manual)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy version2.28
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOn
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNo
Allow unicast responsesYes
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Inbound Rules
NameDescription
IN Domain ANY ANY
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
ProtocolAny
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface typeAll
ServiceAll programs and services
Allow edge traversalFalse
Group
Outbound Rules
NameDescription
OUT Domain ANY ANY
This rule might contain some elements that cannot be interpreted by the current version of GPMC reporting module
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
ProtocolAny
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface typeAll
ServiceAll programs and services
Group
Connection Security Settings
Advanced Audit Configuration
Account Logon
PolicySetting
Audit Credential ValidationSuccess, Failure
Audit Kerberos Authentication ServiceSuccess, Failure
Audit Kerberos Service Ticket OperationsSuccess, Failure
Audit Other Account Logon EventsSuccess, Failure
Account Management
PolicySetting
Audit Application Group ManagementSuccess, Failure
Audit Computer Account ManagementSuccess, Failure
Audit Distribution Group ManagementSuccess, Failure
Audit Other Account Management EventsSuccess, Failure
Audit Security Group ManagementSuccess, Failure
Audit User Account ManagementSuccess, Failure
Detailed Tracking
PolicySetting
Audit Process CreationSuccess, Failure
Audit Process TerminationSuccess, Failure
Audit RPC EventsSuccess, Failure
DS Access
PolicySetting
Audit Directory Service AccessSuccess, Failure
Audit Directory Service ChangesSuccess, Failure
Logon/Logoff
PolicySetting
Audit Account LockoutSuccess, Failure
Audit User / Device ClaimsSuccess, Failure
Audit LogoffSuccess, Failure
Audit LogonSuccess, Failure
Audit Other Logon/Logoff EventsSuccess, Failure
Audit Special LogonSuccess, Failure
Policy Change
PolicySetting
Audit Audit Policy ChangeSuccess, Failure
Audit Authentication Policy ChangeSuccess, Failure
Audit Authorization Policy ChangeSuccess, Failure
Audit Other Policy Change EventsSuccess, Failure
Privilege Use
PolicySetting
Audit Non Sensitive Privilege UseSuccess, Failure
Audit Other Privilege Use EventsSuccess, Failure
Audit Sensitive Privilege UseSuccess, Failure
System
PolicySetting
Audit IPsec DriverSuccess, Failure
Audit Other System EventsSuccess, Failure
Audit Security State ChangeSuccess, Failure
Audit Security System ExtensionSuccess, Failure
Audit System IntegritySuccess, Failure
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/DNS Client
PolicySettingComment
DNS suffix search listEnabled
DNS Suffixes:emea.tpg.ads
Network/IPv6 Configuration
PolicySettingComment
IPv6 Configuration PolicyEnabled
IPv6 ConfigurationDisable all IPv6 components
Network/Network Connections/Windows Defender Firewall/Domain Profile
PolicySettingComment
Windows Defender Firewall: Allow ICMP exceptionsEnabled
Allow outbound destination unreachableEnabled
Allow outbound source quenchEnabled
Allow redirectEnabled
Allow inbound echo requestEnabled
Allow inbound router requestEnabled
Allow outbound time exceededEnabled
Allow outbound parameter problemEnabled
Allow inbound timestamp requestEnabled
Allow inbound mask requestEnabled
Allow outbound packet too bigEnabled
PolicySettingComment
Windows Defender Firewall: Allow inbound file and printer sharing exceptionEnabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound Remote Desktop exceptionsEnabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow local program exceptionsEnabled
Windows Defender Firewall: Prohibit notificationsEnabled
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requestsDisabled
Windows Defender Firewall: Protect all network connectionsEnabled
Network/Network Connections/Windows Defender Firewall/Standard Profile
PolicySettingComment
Windows Defender Firewall: Allow ICMP exceptionsEnabled
Allow outbound destination unreachableEnabled
Allow outbound source quenchEnabled
Allow redirectEnabled
Allow inbound echo requestEnabled
Allow inbound router requestEnabled
Allow outbound time exceededEnabled
Allow outbound parameter problemEnabled
Allow inbound timestamp requestEnabled
Allow inbound mask requestEnabled
Allow outbound packet too bigEnabled
PolicySettingComment
Windows Defender Firewall: Allow inbound file and printer sharing exceptionEnabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound remote administration exception Enabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow inbound Remote Desktop exceptionsEnabled
Allow unsolicited incoming messages from these IP addresses:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following in the "Allow unsolicited"
incoming messages from these IP addresses":
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingComment
Windows Defender Firewall: Allow local program exceptionsEnabled
Windows Defender Firewall: Prohibit notificationsEnabled
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requestsDisabled
Windows Defender Firewall: Protect all network connectionsEnabled
Network/Offline Files
PolicySettingComment
Allow or Disallow use of the Offline Files featureDisabled
Prevent use of Offline Files folderEnabled
Prohibit user configuration of Offline FilesEnabled
Prevents users from changing any cache configuration settings.
PolicySettingComment
Remove "Make Available Offline" commandEnabled
Synchronize all offline files before logging offDisabled
Synchronize all offline files when logging onDisabled
Synchronize offline files before suspendDisabled
System/Group Policy
PolicySettingComment
Configure user Group Policy loopback processing modeEnabled
Mode:Merge
System/Logon
PolicySettingComment
Always wait for the network at computer startup and logonEnabled
Hide entry points for Fast User SwitchingEnabled
System/OS Policies
PolicySettingComment
Allow Clipboard synchronization across devicesDisabled
Allow publishing of User ActivitiesDisabled
Allow upload of User ActivitiesDisabled
Enables Activity FeedDisabled
System/User Profiles
PolicySettingComment
Delete user profiles older than a specified number of days on system restartEnabled
Delete user profiles older than (days)15
PolicySettingComment
Do not log users on with temporary profilesEnabled
Windows Components/AutoPlay Policies
PolicySettingComment
Turn off AutoplayEnabled
Turn off Autoplay on:All drives
Windows Components/Desktop Gadgets
PolicySettingComment
Restrict unpacking and installation of gadgets that are not digitally signed.Enabled
Windows Components/Edge UI
PolicySettingComment
Allow edge swipeDisabled
Disable help tipsEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security
PolicySettingComment
Require use of specific security layer for remote (RDP) connectionsEnabled
Security LayerSSL
Choose the security layer from the drop-down list.
PolicySettingComment
Require user authentication for remote connections by using Network Level AuthenticationEnabled
Set client connection encryption levelEnabled
Encryption LevelHigh Level
Choose the encryption level from the drop-down list.
Windows Components/Windows Media Player
PolicySettingComment
Do Not Show First Use Dialog BoxesEnabled
Prevent Automatic UpdatesEnabled
Prevent Desktop Shortcut CreationEnabled
Prevent Media SharingEnabled
Prevent Quick Launch Toolbar Shortcut CreationEnabled
Windows Components/Windows Messenger
PolicySettingComment
Do not allow Windows Messenger to be runEnabled
Preferences
Windows Settings
Registry
CWDIllegalInDllSearch (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Control\Session Manager
Value nameCWDIllegalInDllSearch
Value typeREG_DWORD
Value data0x2 (2)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
DisabledComponents (Order: 2)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
Value nameDisabledComponents
Value typeREG_DWORD
Value data0xFF (255)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Collection: Disabling RC4 in .NET TLS
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
Registry item: SchUseStrongCrypto
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Microsoft\.NETFramework\v2.0.50727
Value nameSchUseStrongCrypto
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Registry item: SchUseStrongCrypto
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
Value nameSchUseStrongCrypto
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
Control Panel Settings
Local Users and Groups
User (Name: Administrator (built-in))
Administrator (built-in) (Order: 1)
Local User
ActionUpdate
Properties
User nameAdministrator (built-in)
User must change password at next logonFalse
User cannot change passwordFalse
Password never expiresFalse
Account is disabledFalse
Account expires5/18/2019
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyYes
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Tablet PC/Accessories
PolicySettingComment
Do not allow Snipping Tool to runEnabled