Policy Data collected on: 12/19/2012 12:10:47 PM General Details

Domain

Owner

Created 3/20/2008 10:47:14 AM

Modified 12/13/2012 11:05:38 AM

User Revisions 175 (AD), 175 (sysvol)

Computer Revisions 66 (AD), 66 (sysvol)

GPO Status Enabled Links

Location Enforced Link Status Path Security Filtering The in this GPO can only apply to the following groups, users, and computers:

Name

NT AUTHORITY\Authenticated Users WMI Filtering

WMI Filter Name None

Description Not applicable Delegation These groups and users have the specified permission for this GPO

Name Allowed Permissions Inherited

\Domain Admins Edit settings, delete, modify security No

\Enterprise Admins Edit settings, delete, modify security No

NT AUTHORITY\Authenticated Users Read (from Security Filtering) No

NT AUTHORITY\ENTERPRISE DOMAIN Read No

CONTROLLERS NT AUTHORITY\SYSTEM Edit settings, delete, modify security No Computer Configuration (Enabled) Policies Windows Settings Security Settings Account Policies/Password Policy

Policy Setting

Enforce password history 9 passwords remembered

Maximum password age 90 days

Minimum password age 0 days

Minimum password length 8 characters

Password must meet complexity requirements Enabled System Services Remote Registry (Startup Mode: Automatic) Permissions No permissions specified

Auditing No auditing specified

Administrative Templates Policy definitions (ADMX files) retrieved from the central store.

Network/Link-Layer Topology Discovery

Policy Setting Comment

Turn on Mapper I/O (LLTDIO) driver Enabled

Allow operation while in domain Enabled

Allow operation while in public network Enabled

Prohibit operation while in private network Enabled

System/Logon

Policy Setting Comment

Always wait for the network at computer Enabled

startup and logon Windows Components/

Policy Setting Comment

Configure Automatic Updates Disabled

No auto-restart with logged on users for Enabled

scheduled automatic updates installations Preferences Settings Services Service (name: RemoteRegistry) RemoteRegistry (order: 1) General

Action Start service

Startup type: Automatic

Wait timeout if service is locked: 30 seconds Service Account

Log on service as: No change

Recovery

First failure: No change

Second failure: No change

Subsequent failures: No change

Common Options

Stop processing items on this extension if an error occurs on this No item

Remove this item when it is no longer applied No

Apply once and do not reapply No

User Configuration (Enabled) Policies Windows Settings Scripts Logon

Name Parameters

\\\SysVol\\scripts\login.bat Maintenance Connection/Connection Settings This GPO contains connection settings.

Security/Security Zones and Content Ratings Security Zones and Privacy These settings will not apply to users that log on to computers that have the Internet Explorer Enhanced Security Configuration (ESC) enabled. To create settings for users on computers that have ESC enabled, create a new GPO and edit that GPO on a computer where ESC is enabled.

Internet (Security Level: Medium-high) .NET Framework-reliant components

Run components not signed with Authenticode Enable

Run components signed with Authenticode Enable ActiveX controls and plug-ins

Download signed ActiveX controls Prompt

Download unsigned ActiveX controls Disable

Initialize and script ActiveX controls not marked as safe Disable

Run ActiveX controls and plug-ins Enable

Script ActiveX controls marked safe for scripting Enable

Downloads

File download Enable

Font download Enable

Microsoft VM

Java permissions High safety

Miscellaneous

Access data sources across domains Disable

Allow META REFRESH Enable

Display mixed content Prompt

Don't prompt for client certificate selection when no certificates Disable or only one certificate exists

Drag and drop or copy and paste files Enable

Installation of desktop items Prompt

Launching applications and unsafe files Prompt

Launching programs and files in an IFRAME Prompt

Navigate sub-frames across different domains Disable

Software channel permissions Medium safety

Submit nonencrypted form data Enable

Userdata persistence Enable

Scripting

Active scripting Enable

Allow paste operations via script Prompt Scripting of Java applets Enable

User Authentication

Logon Automatic logon only in Intranet zone

Local intranet (Security Level: Custom) .NET Framework-reliant components

Run components not signed with Authenticode Enable

Run components signed with Authenticode Enable

ActiveX controls and plug-ins

Download signed ActiveX controls Prompt

Download unsigned ActiveX controls Disable

Initialize and script ActiveX controls not marked as safe Disable

Run ActiveX controls and plug-ins Enable

Script ActiveX controls marked safe for scripting Enable

Downloads

File download Enable

Font download Enable

Microsoft VM

Java permissions Medium safety

Miscellaneous

Access data sources across domains Prompt

Allow META REFRESH Enable

Display mixed content Prompt

Don't prompt for client certificate selection when no certificates Enable or only one certificate exists

Drag and drop or copy and paste files Enable

Installation of desktop items Prompt

Launching applications and unsafe files Enable

Launching programs and files in an IFRAME Prompt

Navigate sub-frames across different domains Enable Software channel permissions Medium safety

Submit nonencrypted form data Enable

Userdata persistence Enable

Scripting

Active scripting Enable

Allow paste operations via script Enable

Scripting of Java applets Enable

User Authentication

Logon Automatic logon only in Intranet zone

Sites

Require verification (https:) for all sites in this zone Disabled

Include all local (intranet) sites not listed in other zones Disabled

Include all sites that bypass the proxy server Disabled

Include all network paths (UNCs) Disabled

Sites in this zone

None

Trusted sites (Security Level: Medium) .NET Framework-reliant components

Run components not signed with Authenticode Enable

Run components signed with Authenticode Enable

ActiveX controls and plug-ins

Download signed ActiveX controls Prompt

Download unsigned ActiveX controls Disable

Initialize and script ActiveX controls not marked as safe Disable

Run ActiveX controls and plug-ins Enable

Script ActiveX controls marked safe for scripting Enable

Downloads

File download Enable Font download Enable

Microsoft VM

Java permissions High safety

Miscellaneous

Access data sources across domains Disable

Allow META REFRESH Enable

Display mixed content Prompt

Don't prompt for client certificate selection when no certificates Disable or only one certificate exists

Drag and drop or copy and paste files Enable

Installation of desktop items Prompt

Launching applications and unsafe files Prompt

Launching programs and files in an IFRAME Prompt

Navigate sub-frames across different domains Disable

Software channel permissions Medium safety

Submit nonencrypted form data Enable

Userdata persistence Enable

Scripting

Active scripting Enable

Allow paste operations via script Prompt

Scripting of Java applets Enable

User Authentication

Logon Automatic logon only in Intranet zone

Restricted sites (Security Level: High) .NET Framework-reliant components

Run components not signed with Authenticode Disable

Run components signed with Authenticode Disable

ActiveX controls and plug-ins

Download signed ActiveX controls Disable Download unsigned ActiveX controls Disable

Initialize and script ActiveX controls not marked as safe Disable

Run ActiveX controls and plug-ins Disable

Script ActiveX controls marked safe for scripting Disable

Downloads

File download Disable

Font download Disable

Microsoft VM

Java permissions Disable Java

Miscellaneous

Access data sources across domains Disable

Allow META REFRESH Disable

Display mixed content Prompt

Don't prompt for client certificate selection when no certificates Disable or only one certificate exists

Drag and drop or copy and paste files Prompt

Installation of desktop items Disable

Launching applications and unsafe files Disable

Launching programs and files in an IFRAME Disable

Navigate sub-frames across different domains Disable

Software channel permissions High safety

Submit nonencrypted form data Prompt

Userdata persistence Disable

Scripting

Active scripting Disable

Allow paste operations via script Disable

Scripting of Java applets Disable

User Authentication Logon Prompt for user name and password

Sites

Sites in this zone

None

Privacy

Privacy Level Medium

Web Sites

Always allow None

Always block None

Administrative Templates Policy definitions (ADMX files) retrieved from the central store.

Control Panel

Policy Setting Comment

Prohibit access to the Control Panel Enabled Control Panel/Personalization

Policy Setting Comment

Password protect the screen saver Enabled

Prevent changing desktop background Enabled

Screen saver timeout Enabled

Number of seconds to wait to enable the screen saver

Seconds: 600

Desktop/Desktop

Policy Setting Comment

Allow only bitmapped wallpaper Enabled

Desktop Wallpaper Enabled

Wallpaper Name: c:\windows\ Wallpaper.bmp

Example: Using a local path: C:\windows\web\wallpaper\home.jpg

Example: Using a UNC path: \\Server\Share\Corp.jpg

Wallpaper Style: Stretch

Policy Setting Comment Disable Active Desktop Enabled

Disallows HTML and Jpg Wallpaper

Policy Setting Comment

Disable all items Enabled

Enable Active Desktop Disabled

Prohibit changes Enabled Microsoft Access 2010/Application Settings/Security/Trust Center/Trusted Locations

Policy Setting Comment

Allow Trusted Locations on the network Enabled

Trusted Location #1 Enabled

Path: \\****\Common\Pride Forms

Date:

Description:

Allow sub folders: Disabled

Microsoft Office Access 2007/Application Settings/Security/Trust Center/Trusted Locations

Policy Setting Comment

Allow Trusted Locations not on the Enabled

computer

Trusted Location #1 Enabled

Path: \\****\Common\Pride Forms

Date:

Description: On the Spot

Allow sub folders: Disabled

Microsoft Office Outlook 2007/Tools | Account Settings/Exchange/Cached Exchange Mode

Policy Setting Comment

Use Cached Exchange Mode for new and Disabled

existing Outlook profiles Microsoft Office Outlook 2007/Tools | Options.../Preferences/E- Options/Tracking Options

Policy Setting Comment

Options Enabled Process requests and responses on arrival Enabled

Process receipts on arrival Enabled

Delete blank voting and meeting responses after processing Disabled

Request a read receipt for all messages a user sends Disabled

Request delivery rcpt for all msgs a user sends (Exchange Disabled only)

When Outlook is asked to respond to a read receipt request: Always send a response

Microsoft Outlook 2010/Account Settings/Exchange/Cached Exchange Mode

Policy Setting Comment

Use Cached Exchange Mode for new and Disabled

existing Outlook profiles Microsoft Outlook 2010/Outlook Options/Preferences/E-mail Options/Tracking Options

Policy Setting Comment

Options Enabled

Process requests and responses on arrival Enabled

Process receipts on arrival Enabled

Delete blank voting and meeting responses after processing Disabled

Request a read receipt for all messages a user sends Disabled

Request delivery rcpt for all msgs a user sends (Exchange Disabled only)

When Outlook is asked to respond to a read receipt request: Always send a response

Network/Network Connections

Policy Setting Comment

Prohibit access to the New Connection Enabled

Wizard and

Policy Setting Comment

Force classic Start Menu Enabled

Remove Default Programs link from the Enabled

Start menu.

Remove Games link from Start Menu Enabled Remove Help menu from Start Menu Enabled

Remove Network Connections from Start Enabled

Menu

Remove Run menu from Start Menu Enabled

Remove the icon Enabled System

Policy Setting Comment

Don't run specified Windows applications Enabled

List of disallowed applications

a2009.exe

aim6.exe

Antivirus2009.exe

AntivirusPro2009.exe

av2009.exe

av2009[1].exe

AV2009Install.exe

AV2009Install[1].exe

AV2009Install_880405[1].exe

AV2009Install_880405[2].exe

CarbonitePreinstaller.exe

cha-ching!.exe

ChromeSetup.exe

Firefox Setup 3.0.10.exe

Google_Updater.exe

ieexplorer32.exe

incredimail.exe

install.exe Install_AIM.exe

iTunesHelper.exe

MSA.cpl

MSA.exe

MSASetup.exe

.exe

msgr8us.exe

msmsgs.exe

msnmsgr.exe

MSx.exe

MWSOEMON.EXE

myspaceim.exe

OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe

pokerstarsupdate.exe

Power-Antivirus-2009.exe

rstrui.exe

Safari.exe

SafariSetup.exe

setup.exe

tune.exe

Windows6.0-KB961260-x86.msu

WindowsXP-KB936929-SP3-x86-ENU.exe

wlsetup-custom.exe

YahooMessenger.exe

Policy Setting Comment Prevent access to registry editing tools Enabled

Disable regedit from running silently? Yes

Windows Components/Desktop Gadgets

Policy Setting Comment

Turn off desktop gadgets Enabled Windows Components/Desktop

Policy Setting Comment

Do not allow window animations Disabled Windows Components/Internet Explorer

Policy Setting Comment

Disable AutoComplete for forms Enabled

Disable changing Advanced page settings Enabled

Disable changing home page settings Enabled

Home Page

Policy Setting Comment

Do not allow users to enable or disable Enabled

add-ons

Prevent participation in the Customer Enabled

Experience Improvement Program

Prevent performance of First Run Enabled

Customize settings

Select your choice Go directly to home page

Windows Components/Internet Explorer/Browser menus

Policy Setting Comment

Help menu: Remove 'For Netscape Users' Enabled

menu option Windows Components/Internet Explorer/Internet Control Panel

Policy Setting Comment

Disable the Connections page Enabled

Disable the Content page Enabled

Disable the Programs page Enabled Windows Components/Internet Explorer/Internet Control Panel/Security Page

Policy Setting Comment Site to Zone Assignment List Enabled

Enter the zone assignments here.

********** 2

Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone

Policy Setting Comment

Download unsigned ActiveX controls Enabled

Download unsigned ActiveX controls Prompt

Windows Components/Internet Explorer/Toolbars

Policy Setting Comment

Disable customizing browser toolbars Enabled Windows Components/Windows Explorer

Policy Setting Comment

Hides the Manage item on the Windows Enabled

Explorer context menu Windows Components/Windows Explorer/Previous Versions

Policy Setting Comment

Hide previous versions list for local files Enabled

Hide previous versions list for remote files Enabled

Hide previous versions of files on backup Enabled

location Windows Components/

Policy Setting Comment

Do not allow Windows Messenger to be Enabled

run

Do not automatically start Windows Enabled

Messenger initially Windows Components/Windows Update

Policy Setting Comment

Remove access to use all Windows Enabled

Update features

Configure notifications:

Preferences Control Panel Settings Power Options Power Scheme (name: Home/Office Desk) Home/Office Desk (order: 1) Properties

Action Update

Make this the active Power Scheme: Enabled

When computer is: Plugged in Running on batteries

Turn off monitor: After 30 minutes After 5 minutes

Turn off hard disks: Never After 10 minutes

System standby: Never After 5 minutes

System hibernates: Never After 20 minutes

Common Options

Stop processing items on this extension if an error occurs on this No item

Run in logged-on user's security context (user policy option) No

Remove this item when it is no longer applied No

Apply once and do not reapply No