Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
AEC01_ClientPolicy_ND_1.1
Data collected on: 26/05/2015 14:40:26
General
Details
Domainaecuk.aec.local
OwnerAECUK\Domain Admins
Created27/06/2013 10:11:54
Modified27/06/2013 11:09:34
User Revisions1 (AD), 1 (sysvol)
Computer Revisions1 (AD), 1 (sysvol)
Unique ID{6E12F441-9E1F-4F87-92D9-F913FD11A5B7}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
AECTESTNoDisabledaecuk.aec.local/AECTEST

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
AEC\Enterprise AdminsEdit settings, delete, modify securityNo
AECUK\Domain AdminsEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersRead (from Security Filtering)No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Registry
MACHINE\SYSTEM\ControlSet001\Control
Configure this key then: Propagate inheritable permissions to all subkeys
Owner
Permissions
TypeNamePermissionApply To
AllowCREATOR OWNERFull controlSubkeys only
AllowNT AUTHORITY\SYSTEMFull controlThis key and subkeys
AllowBUILTIN\AdministratorsFull controlThis key and subkeys
AllowAECUK\Domain UsersFull controlThis key and subkeys
AllowBUILTIN\UsersReadThis key and subkeys
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Windows Firewall with Advanced Security
Global Settings
PolicySetting
Policy versionNot Configured
Disable stateful FTPNot Configured
Disable stateful PPTPNot Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encodingNot Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Domain Profile Settings
PolicySetting
Firewall stateOff
Inbound connectionsNot Configured
Outbound connectionsNot Configured
Apply local firewall rulesNot Configured
Apply local connection security rulesNot Configured
Display notificationsNot Configured
Allow unicast responsesNot Configured
Log dropped packetsNot Configured
Log successful connectionsNot Configured
Log file pathNot Configured
Log file maximum size (KB)Not Configured
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Network/Network Connections/Windows Firewall/Domain Profile
PolicySettingComment
Windows Firewall: Protect all network connectionsDisabled
Network/Network Connections/Windows Firewall/Standard Profile
PolicySettingComment
Windows Firewall: Protect all network connectionsDisabled
System/Group Policy
PolicySettingComment
Turn off background refresh of Group PolicyDisabled
System/Logon
PolicySettingComment
Don't display the Getting Started welcome screen at logonEnabled
System/Scripts
PolicySettingComment
Run logon scripts synchronouslyEnabled
System/User Profiles
PolicySettingComment
Add the Administrators security group to roaming user profilesEnabled
Do not check for user ownership of Roaming Profile FoldersEnabled
Prompt user when a slow network connection is detectedEnabled
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
PolicySettingComment
Java permissionsEnabled
Java permissionsLow safety
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesEnabled
This setting must be set for the machine and the user to be enforced.
PolicySettingComment
Enable user to browse for source while elevatedEnabled
Enable user to patch elevated productsEnabled
User Configuration (Enabled)
Policies
Windows Settings
Scripts
Logon
For this GPO, Script order: Not configured
NameParameters
ecs.bhx1.default_aec-users.vbs
Internet Explorer Maintenance
Connection/Proxy Settings
Enable proxy settings
ProtocolServerPort
HTTPaecuk-proxy8080
Secureaecuk-proxy8080
FTPaecuk-proxy8080
Gopheraecuk-proxy8080
Socksaecuk-proxy8080
Exceptions:Do not use proxy server for addresses beginning withaecrev2.proxy, *.local, *.root.local, *.adphc.com, 126.14.40.85, Hrpsoft.goodrich.com, *.ecs.goodrich.com, 149.223.*, 168.204.*, talentstream.goodrich.com, onesite.goodrich.com, 10.102.95.*, 10.201.*, 10.204.*, travel.goodrich.com, exports.goodrich.com, km.goodrich.com, recordsmanagement.goodrich.com, hrpsoftnew.goodrich.com, *.itss.goodrich.com, 1.1.1.1,
Do not use proxy server for local (intranet) addressesEnabled
URLs/Important URLs
NameURL
Home page URLhttp://intranet.lecs.goodrich.root.local/default.aspx
Search bar URLNot configured
Online support page URLNot configured
URLs/Favorites and Links
PolicySetting
Place favorites and links at the top of the list in the order specified belowNot configured
Delete existing Favorites and Links, if presentNot configured
Delete existing channels, if presentNot configured
Favorites
NameURL
Citrix Web Accesshttp://icalecsweb
Outlook Web Accesshttps://owa.aeroenginecontrols.com/owa
IT Service Deskhttp://aec01a-wwdev01/ITSDLIVE/infraEnterprise.aspx?LITE&Form;clcid=0x409
Links
NameURL
Citrix Web Accesshttp://icalecsweb
Outlook Web Accesshttps://owa.aeroenginecontrols.com/owa
IT Service Deskhttp://aec01a-wwdev01/ITSDLIVE/infraEnterprise.aspx?LITE&Form;clcid=0x409
Security/Security Zones and Content Ratings
Security Zones and Privacy
These settings will not apply to users that log on to computers that have the Internet Explorer Enhanced Security Configuration (ESC) enabled. To create settings for users on computers that have ESC enabled, create a new GPO and edit that GPO on a computer where ESC is enabled.
Internet (Security Level: Medium-high)
.NET Framework-reliant components
Run components not signed with AuthenticodeEnable
Run components signed with AuthenticodeEnable
ActiveX controls and plug-ins
Download signed ActiveX controlsPrompt
Download unsigned ActiveX controlsDisable
Initialize and script ActiveX controls not marked as safeDisable
Run ActiveX controls and plug-insEnable
Script ActiveX controls marked safe for scriptingEnable
Downloads
File downloadEnable
Font downloadEnable
Microsoft VM
Java permissionsHigh safety
Miscellaneous
Access data sources across domainsDisable
Allow META REFRESHEnable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsDisable
Drag and drop or copy and paste filesEnable
Installation of desktop itemsPrompt
Launching programs and files in an IFRAMEPrompt
Navigate sub-frames across different domainsDisable
Submit nonencrypted form dataEnable
Userdata persistenceEnable
Scripting
Active scriptingEnable
Allow paste operations via scriptPrompt
Scripting of Java appletsEnable
User Authentication
LogonAutomatic logon only in Intranet zone
Local intranet (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeEnable
Run components signed with AuthenticodeEnable
ActiveX controls and plug-ins
Run ActiveX controls and plug-insEnable
Scripting
Active scriptingEnable
Sites
Require server verification (https:) for all sites in this zoneDisabled
Include all local (intranet) sites not listed in other zonesDisabled
Include all sites that bypass the proxy serverDisabled
Include all network paths (UNCs)Disabled
Sites in this zone
None
Trusted sites (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeEnable
Run components signed with AuthenticodeEnable
ActiveX controls and plug-ins
Download signed ActiveX controlsPrompt
Download unsigned ActiveX controlsPrompt
Initialize and script ActiveX controls not marked as safePrompt
Run ActiveX controls and plug-insEnable
Script ActiveX controls marked safe for scriptingEnable
Downloads
File downloadEnable
Font downloadEnable
Microsoft VM
Java permissionsHigh safety
Miscellaneous
Access data sources across domainsEnable
Allow META REFRESHEnable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsEnable
Drag and drop or copy and paste filesEnable
Installation of desktop itemsEnable
Launching applications and unsafe filesEnable
Launching programs and files in an IFRAMEEnable
Navigate sub-frames across different domainsEnable
Submit nonencrypted form dataEnable
Userdata persistenceEnable
Scripting
Active scriptingEnable
Allow paste operations via scriptPrompt
Scripting of Java appletsEnable
User Authentication
LogonAutomatic logon with current username and password
Sites
Require server verification (https:) for all sites in this zoneEnabled
Sites in this zone
None
Restricted sites (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeDisable
Run components signed with AuthenticodeDisable
ActiveX controls and plug-ins
Run ActiveX controls and plug-insDisable
Microsoft VM
Java permissionsDisable Java
Scripting
Active scriptingDisable
Sites
Sites in this zone
None
Privacy
Privacy LevelMedium
Web Sites
Always allowNone
Always blockNone
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Control Panel/Personalization
PolicySettingComment
Enable screen saverEnabled
Password protect the screen saverEnabled
Prevent changing screen saverEnabled
Screen saver timeoutEnabled
Number of seconds to wait to enable the screen saver
Seconds:700
System/Scripts
PolicySettingComment
Run logon scripts synchronouslyDisabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
PolicySettingComment
Empty Temporary Internet Files folder when browser is closedEnabled
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
PolicySettingComment
Java permissionsEnabled
Java permissionsMedium safety
Windows Components/Windows Explorer
PolicySettingComment
No Computers Near Me in Network LocationsEnabled
Windows Components/Windows Explorer/Common Open File Dialog
PolicySettingComment
Hide the dropdown list of recent filesDisabled