Policy Data collected on: 12/19/2012 12:10:47 PM General Details
Domain
Owner
Created 3/20/2008 10:47:14 AM
Modified 12/13/2012 11:05:38 AM
User Revisions 175 (AD), 175 (sysvol)
Computer Revisions 66 (AD), 66 (sysvol)
GPO Status Enabled Links
Location Enforced Link Status Path Security Filtering The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users WMI Filtering
WMI Filter Name None
Description Not applicable Delegation These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
\Domain Admins Edit settings, delete, modify security No
\Enterprise Admins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN Read No
CONTROLLERS NT AUTHORITY\SYSTEM Edit settings, delete, modify security No Computer Configuration (Enabled) Policies Windows Settings Security Settings Account Policies/Password Policy
Policy Setting
Enforce password history 9 passwords remembered
Maximum password age 90 days
Minimum password age 0 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled System Services Remote Registry (Startup Mode: Automatic) Permissions No permissions specified
Auditing No auditing specified
Administrative Templates Policy definitions (ADMX files) retrieved from the central store.
Network/Link-Layer Topology Discovery
Policy Setting Comment
Turn on Mapper I/O (LLTDIO) driver Enabled
Allow operation while in domain Enabled
Allow operation while in public network Enabled
Prohibit operation while in private network Enabled
System/Logon
Policy Setting Comment
Always wait for the network at computer Enabled
startup and logon Windows Components/Windows Update
Policy Setting Comment
Configure Automatic Updates Disabled
No auto-restart with logged on users for Enabled
scheduled automatic updates installations Preferences Control Panel Settings Services Service (name: RemoteRegistry) RemoteRegistry (order: 1) General
Action Start service
Startup type: Automatic
Wait timeout if service is locked: 30 seconds Service Account
Log on service as: No change
Recovery
First failure: No change
Second failure: No change
Subsequent failures: No change
Common Options
Stop processing items on this extension if an error occurs on this No item
Remove this item when it is no longer applied No
Apply once and do not reapply No
User Configuration (Enabled) Policies Windows Settings Scripts Logon
Name Parameters
\\\SysVol\\scripts\login.bat Internet Explorer Maintenance Connection/Connection Settings This GPO contains connection settings.
Security/Security Zones and Content Ratings Security Zones and Privacy These settings will not apply to users that log on to computers that have the Internet Explorer Enhanced Security Configuration (ESC) enabled. To create settings for users on computers that have ESC enabled, create a new GPO and edit that GPO on a computer where ESC is enabled.
Internet (Security Level: Medium-high) .NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching applications and unsafe files Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Disable
Software channel permissions Medium safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Prompt Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Local intranet (Security Level: Custom) .NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions Medium safety
Miscellaneous
Access data sources across domains Prompt
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Enable or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching applications and unsafe files Enable
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Enable Software channel permissions Medium safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Enable
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zone Disabled
Include all local (intranet) sites not listed in other zones Disabled
Include all sites that bypass the proxy server Disabled
Include all network paths (UNCs) Disabled
Sites in this zone
None
Trusted sites (Security Level: Medium) .NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable Font download Enable
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching applications and unsafe files Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Disable
Software channel permissions Medium safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Prompt
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Restricted sites (Security Level: High) .NET Framework-reliant components
Run components not signed with Authenticode Disable
Run components signed with Authenticode Disable
ActiveX controls and plug-ins
Download signed ActiveX controls Disable Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Disable
Script ActiveX controls marked safe for scripting Disable
Downloads
File download Disable
Font download Disable
Microsoft VM
Java permissions Disable Java
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Disable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable or only one certificate exists
Drag and drop or copy and paste files Prompt
Installation of desktop items Disable
Launching applications and unsafe files Disable
Launching programs and files in an IFRAME Disable
Navigate sub-frames across different domains Disable
Software channel permissions High safety
Submit nonencrypted form data Prompt
Userdata persistence Disable
Scripting
Active scripting Disable
Allow paste operations via script Disable
Scripting of Java applets Disable
User Authentication Logon Prompt for user name and password
Sites
Sites in this zone
None
Privacy
Privacy Level Medium
Web Sites
Always allow None
Always block None
Administrative Templates Policy definitions (ADMX files) retrieved from the central store.
Control Panel
Policy Setting Comment
Prohibit access to the Control Panel Enabled Control Panel/Personalization
Policy Setting Comment
Password protect the screen saver Enabled
Prevent changing desktop background Enabled
Screen saver timeout Enabled
Number of seconds to wait to enable the screen saver
Seconds: 600
Desktop/Desktop
Policy Setting Comment
Allow only bitmapped wallpaper Enabled
Desktop Wallpaper Enabled
Wallpaper Name: c:\windows\ Wallpaper.bmp
Example: Using a local path: C:\windows\web\wallpaper\home.jpg
Example: Using a UNC path: \\Server\Share\Corp.jpg
Wallpaper Style: Stretch
Policy Setting Comment Disable Active Desktop Enabled
Disallows HTML and Jpg Wallpaper
Policy Setting Comment
Disable all items Enabled
Enable Active Desktop Disabled
Prohibit changes Enabled Microsoft Access 2010/Application Settings/Security/Trust Center/Trusted Locations
Policy Setting Comment
Allow Trusted Locations on the network Enabled
Trusted Location #1 Enabled
Path: \\****\Common\Pride Forms
Date:
Description:
Allow sub folders: Disabled
Microsoft Office Access 2007/Application Settings/Security/Trust Center/Trusted Locations
Policy Setting Comment
Allow Trusted Locations not on the Enabled
computer
Trusted Location #1 Enabled
Path: \\****\Common\Pride Forms
Date:
Description: On the Spot
Allow sub folders: Disabled
Microsoft Office Outlook 2007/Tools | Account Settings/Exchange/Cached Exchange Mode
Policy Setting Comment
Use Cached Exchange Mode for new and Disabled
existing Outlook profiles Microsoft Office Outlook 2007/Tools | Options.../Preferences/E-mail Options/Tracking Options
Policy Setting Comment
Options Enabled Process requests and responses on arrival Enabled
Process receipts on arrival Enabled
Delete blank voting and meeting responses after processing Disabled
Request a read receipt for all messages a user sends Disabled
Request delivery rcpt for all msgs a user sends (Exchange Disabled only)
When Outlook is asked to respond to a read receipt request: Always send a response
Microsoft Outlook 2010/Account Settings/Exchange/Cached Exchange Mode
Policy Setting Comment
Use Cached Exchange Mode for new and Disabled
existing Outlook profiles Microsoft Outlook 2010/Outlook Options/Preferences/E-mail Options/Tracking Options
Policy Setting Comment
Options Enabled
Process requests and responses on arrival Enabled
Process receipts on arrival Enabled
Delete blank voting and meeting responses after processing Disabled
Request a read receipt for all messages a user sends Disabled
Request delivery rcpt for all msgs a user sends (Exchange Disabled only)
When Outlook is asked to respond to a read receipt request: Always send a response
Network/Network Connections
Policy Setting Comment
Prohibit access to the New Connection Enabled
Wizard Start Menu and Taskbar
Policy Setting Comment
Force classic Start Menu Enabled
Remove Default Programs link from the Enabled
Start menu.
Remove Games link from Start Menu Enabled Remove Help menu from Start Menu Enabled
Remove Network Connections from Start Enabled
Menu
Remove Run menu from Start Menu Enabled
Remove the Action Center icon Enabled System
Policy Setting Comment
Don't run specified Windows applications Enabled
List of disallowed applications
a2009.exe
aim6.exe
Antivirus2009.exe
AntivirusPro2009.exe
av2009.exe
av2009[1].exe
AV2009Install.exe
AV2009Install[1].exe
AV2009Install_880405[1].exe
AV2009Install_880405[2].exe
CarbonitePreinstaller.exe
cha-ching!.exe
ChromeSetup.exe
Firefox Setup 3.0.10.exe
Google_Updater.exe
ieexplorer32.exe
incredimail.exe
install.exe Install_AIM.exe
iTunesHelper.exe
MSA.cpl
MSA.exe
MSASetup.exe
msconfig.exe
msgr8us.exe
msmsgs.exe
msnmsgr.exe
MSx.exe
MWSOEMON.EXE
myspaceim.exe
OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
pokerstarsupdate.exe
Power-Antivirus-2009.exe
rstrui.exe
Safari.exe
SafariSetup.exe
setup.exe
tune.exe
Windows6.0-KB961260-x86.msu
WindowsXP-KB936929-SP3-x86-ENU.exe
wlsetup-custom.exe
YahooMessenger.exe
Policy Setting Comment Prevent access to registry editing tools Enabled
Disable regedit from running silently? Yes
Windows Components/Desktop Gadgets
Policy Setting Comment
Turn off desktop gadgets Enabled Windows Components/Desktop Window Manager
Policy Setting Comment
Do not allow window animations Disabled Windows Components/Internet Explorer
Policy Setting Comment
Disable AutoComplete for forms Enabled
Disable changing Advanced page settings Enabled
Disable changing home page settings Enabled
Home Page
Policy Setting Comment
Do not allow users to enable or disable Enabled
add-ons
Prevent participation in the Customer Enabled
Experience Improvement Program
Prevent performance of First Run Enabled
Customize settings
Select your choice Go directly to home page
Windows Components/Internet Explorer/Browser menus
Policy Setting Comment
Help menu: Remove 'For Netscape Users' Enabled
menu option Windows Components/Internet Explorer/Internet Control Panel
Policy Setting Comment
Disable the Connections page Enabled
Disable the Content page Enabled
Disable the Programs page Enabled Windows Components/Internet Explorer/Internet Control Panel/Security Page
Policy Setting Comment Site to Zone Assignment List Enabled
Enter the zone assignments here.
********** 2
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
Policy Setting Comment
Download unsigned ActiveX controls Enabled
Download unsigned ActiveX controls Prompt
Windows Components/Internet Explorer/Toolbars
Policy Setting Comment
Disable customizing browser toolbars Enabled Windows Components/Windows Explorer
Policy Setting Comment
Hides the Manage item on the Windows Enabled
Explorer context menu Windows Components/Windows Explorer/Previous Versions
Policy Setting Comment
Hide previous versions list for local files Enabled
Hide previous versions list for remote files Enabled
Hide previous versions of files on backup Enabled
location Windows Components/Windows Messenger
Policy Setting Comment
Do not allow Windows Messenger to be Enabled
run
Do not automatically start Windows Enabled
Messenger initially Windows Components/Windows Update
Policy Setting Comment
Remove access to use all Windows Enabled
Update features
Configure notifications:
Preferences Control Panel Settings Power Options Power Scheme (name: Home/Office Desk) Home/Office Desk (order: 1) Properties
Action Update
Make this the active Power Scheme: Enabled
When computer is: Plugged in Running on batteries
Turn off monitor: After 30 minutes After 5 minutes
Turn off hard disks: Never After 10 minutes
System standby: Never After 5 minutes
System hibernates: Never After 20 minutes
Common Options
Stop processing items on this extension if an error occurs on this No item
Run in logged-on user's security context (user policy option) No
Remove this item when it is no longer applied No
Apply once and do not reapply No