Terminal Services Policy
Data collected on: 3/18/2011 show all
11:52:55 PM
Generalhide
Detailsshow
Domain kriton.local
Owner KRITON\Domain Admins
Created 4/6/2010 4:57:20 PM
Modified 12/2/2010 1:29:20 PM
User Revisions 287 (AD), 287 (sysvol)
Computer Revisions 19 (AD), 19 (sysvol)
Unique ID {B149E9BB-A4FA-4F70-80D3-EAF613BE7518}
GPO Status Enabled
Linksshow
Location Enforced Link Status Path
Terminal Server No Enabled kriton.local/Terminal
Server
This list only includes links in the domain of the GPO.
Security Filteringshow
The settings in this GPO can only apply to the following groups, users, and computers:
Name
KRITON\Domain Users
NT AUTHORITY\Authenticated Users
Delegationshow
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
KRITON\Domain Admins Custom No
KRITON\Domain Users Read (from Security Filtering) No
KRITON\Enterprise Admins Edit settings, delete, modify security No
KRITON\krandazzo Custom No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN Read No
CONTROLLERS
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)hide
Policieshide
Administrative Templateshide
Policy definitions (ADMX files) retrieved from the central store.
System/Group Policyhide
Policy Setting Comment
User Group Policy loopback processing Enabled
mode
Mode: Replace
System/Logonhide
Policy Setting Comment
Assign a default domain for logon Enabled
Default Logon domain: kriton.local
Enter the name of the domain
System/User Profileshide
Policy Setting Comment
Add the Administrators security group to Enabled
roaming user profiles
Delete cached copies of roaming profiles Enabled
Windows Components/Internet Explorerhide
Policy Setting Comment
Prevent performance of First Run Enabled
Customize settings
Select your choice Go directly to home page
Windows Components/Internet Explorer/Internet Control Panel/Security Pagehide
Policy Setting Comment
Intranet Sites: Include all local (intranet) Enabled
sites not listed in other zones
Intranet Sites: Include all network paths Enabled
(UNCs)
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connectionshide
Policy Setting Comment
Restrict Remote Desktop Services users Enabled
to a single Remote Desktop Services
session
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Printer Redirectionhide
Policy Setting Comment
Use Remote Desktop Easy Print printer Enabled
driver first
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Profileshide
Policy Setting Comment
Set Remote Desktop Services User Home Enabled
Directory
Location: On the Local machine
Home Dir Root Path: C:\Users
If home path is on the network, specify drive letter for the mapped drive.
Drive Letter Z:
Windows Components/Windows Installerhide
Policy Setting Comment
Prohibit User Installs Enabled
User Install Behavior: Hide User Installs
User Configuration (Enabled)hide
Policieshide
Windows Settingshide
Scriptshide
Logonhide
For this GPO, Script order: Not configured
Name Parameters
logon.bat
Security Settingsshow
An error has occurred while collecting data for Software Restriction Policies.
This error impacts the following settings:
Software Restriction Policies
Software Restriction Policies/Security Levels
Software Restriction Policies/Additional Rules
The following errors apply to all of the above settings:
An unknown error occurred while data was gathered for this extension. Details: Unable to cast object of type 'System.String[]' to
type 'Microsoft.GroupPolicy.Reporting.Extensions.Registry.UnknownType'.
Folder Redirectionhide
AppData(Roaming)show
Setting: Not configured
Desktopshow
Setting: Not configured
Documentsshow
Setting: Not configured
Start Menushow
Setting: Not configured
Internet Explorer Maintenancehide
URLs/Favorites and Linkshide
Policy Setting
Place favorites and links at the top of the list in the order Not configured
specified below
Delete existing Favorites and Links, if present Not configured
Delete existing channels, if present Not configured
Favorites
Name URL
Agile Product Lifecycle Management http://hwvm-agile-prod.kriton.local/Agile/PLMServlet
Security/Security Zones and Content Ratingshide
Security Zones and Privacyhide
These settings will not apply to users that log on to computers that have the Internet Explorer Enhanced Security Configuration
(ESC) enabled. To create settings for users on computers that have ESC enabled, create a new GPO and edit that GPO on a
computer where ESC is enabled.
Internet (Security Level: Medium-high)hide
.NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable
or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Disable
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Prompt
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Local intranet (Security Level: Medium-low)hide
.NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions Medium safety
Miscellaneous
Access data sources across domains Prompt
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Enable
or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Enable
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Enable
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zone Disabled
Include all local (intranet) sites not listed in other zones Disabled
Include all sites that bypass the proxy server Disabled
Include all network paths (UNCs) Disabled
Sites in this zone
None
Trusted sites (Security Level: Medium)hide
.NET Framework-reliant components
Run components not signed with Authenticode Enable
Run components signed with Authenticode Enable
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Enable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable
or only one certificate exists
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Disable
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Prompt
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zone Disabled
Sites in this zone
http://192.168.64.35/
http://192.168.64.36/
http://hwvm-agile-prod.kriton.local/
http://hwvm-qad-prod/
http://hwvm-qadse/
http://hwvm-qadse-prod/
http://hwvm-sea/
https://hwvm-qadse/
https://hwvm-qadse-prod/
https://hwvm-sea/
Restricted sites (Security Level: High)hide
.NET Framework-reliant components
Run components not signed with Authenticode Disable
Run components signed with Authenticode Disable
ActiveX controls and plug-ins
Download signed ActiveX controls Disable
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Disable
Script ActiveX controls marked safe for scripting Disable
Downloads
File download Disable
Font download Disable
Microsoft VM
Java permissions Disable Java
Miscellaneous
Access data sources across domains Disable
Allow META REFRESH Disable
Display mixed content Prompt
Don't prompt for client certificate selection when no certificates Disable
or only one certificate exists
Drag and drop or copy and paste files Prompt
Installation of desktop items Disable
Launching programs and files in an IFRAME Disable
Navigate sub-frames across different domains Disable
Submit nonencrypted form data Prompt
Userdata persistence Disable
Scripting
Active scripting Disable
Allow paste operations via script Disable
Scripting of Java applets Disable
User Authentication
Logon Prompt for user name and password
Sites
Sites in this zone
None
Privacyhide
Privacy Level Medium
Web Sites
Always allow None
Always block None
Administrative Templateshide
Policy definitions (ADMX files) retrieved from the central store.
Control Panelhide
Policy Setting Comment
Prohibit access to the Control Panel Enabled
Control Panel/Add or Remove Programshide
Policy Setting Comment
Hide Change or Remove Programs page Enabled
Remove Add or Remove Programs Enabled
Desktophide
Policy Setting Comment
Hide Network Locations icon on desktop Enabled
Prohibit User from manually redirecting Enabled
Profile Folders
Remove Computer icon on the desktop Disabled
Remove Recycle Bin icon from desktop Disabled
Remove the Desktop Cleanup Wizard Enabled
Desktop/Active Directoryhide
Policy Setting Comment
Hide Active Directory folder Enabled
Desktop/Desktophide
Policy Setting Comment
Desktop Wallpaper Enabled
Wallpaper Name: C:\Desktop\Heartware_BLK.jpg
Example: Using a local path: C:\windows\web\wallpaper\home.jpg
Example: Using a UNC path: \\Server\Share\Corp.jpg
Wallpaper Style: Fill
Policy Setting Comment
Enable Active Desktop Enabled
Allows HTML and JPEG Wallpaper
Network/Network Connectionshide
Policy Setting Comment
Prohibit access to properties of Enabled
components of a LAN connection
Network/Offline Fileshide
Policy Setting Comment
Prohibit user configuration of Offline Files Enabled
Prevents users from changing any cache configuration settings.
Start Menu and Taskbarhide
Policy Setting Comment
Add "Run in Separate Memory Space" Disabled
check box to Run dialog box
Add Logoff to the Start Menu Enabled
Add the Run command to the Start Menu Disabled
Change Start Menu power button Enabled
Choose one of the following actions Log off
Policy Setting Comment
Clear history of recently opened Enabled
documents on exit
Clear the recent programs list for new Enabled
users
Do not keep history of recently opened Enabled
documents
Do not search communications Enabled
Do not search for files Enabled
Do not search Internet Enabled
Do not search programs and Control Enabled
Panel items
Do not use the search-based method Enabled
when resolving shell shortcuts
Do not use the tracking-based method Enabled
when resolving shell shortcuts
Gray unavailable Windows Installer Enabled
programs Start Menu shortcuts
Hide the notification area Enabled
Lock the Taskbar Enabled
Prevent changes to Taskbar and Start Enabled
Menu Settings
Prevent grouping of taskbar items Enabled
Prevent users from adding or removing Enabled
toolbars
Prevent users from resizing the taskbar Enabled
Remove access to the context menus for Enabled
the taskbar
Remove All Programs list from the Start Enabled
menu
Remove and prevent access to the Shut Enabled
Down, Restart, Sleep, and Hibernate
commands
Remove Balloon Tips on Start Menu items Enabled
Remove Default Programs link from the Enabled
Start menu.
Remove Downloads link from Start Menu Enabled
Remove drag-and-drop and context Enabled
menus on the Start Menu
Remove Games link from Start Menu Enabled
Remove Help menu from Start Menu Enabled
Remove Homegroup link from Start Menu Enabled
Remove links and access to Windows Enabled
Update
Remove Music icon from Start Menu Enabled
Remove Network Connections from Start Enabled
Menu
Remove Network icon from Start Menu Enabled
Remove Pictures icon from Start Menu Enabled
Remove pinned programs from the Enabled
Taskbar
Remove programs on Settings menu Enabled
Remove Recorded TV link from Start Enabled
Menu
Remove Run menu from Start Menu Enabled
Remove Search Computer link Enabled
Remove Search link from Start Menu Enabled
Remove See More Results / Search Enabled
Everywhere link
Remove the "Undock PC" button from the Enabled
Start Menu
Remove the Action Center icon Enabled
Remove the networking icon Enabled
Remove Videos link from Start Menu Enabled
Show QuickLaunch on Taskbar Enabled
Turn off all balloon notifications Enabled
Turn off feature advertisement balloon Enabled
notifications
Turn off notification area cleanup Enabled
Systemhide
Policy Setting Comment
Don't display the Getting Started welcome Enabled
screen at logon
Prevent access to registry editing tools Enabled
Disable regedit from running silently? Yes
Policy Setting Comment
Prevent access to the command prompt Enabled
Disable the command prompt script processing also? No
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zonehide
Policy Setting Comment
Java permissions Enabled
Java permissions Medium safety
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Printer Redirectionhide
Policy Setting Comment
Use Remote Desktop Easy Print printer Enabled
driver first
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Session Time Limitshide
Policy Setting Comment
Set time limit for active but idle Remote Enabled
Desktop Services sessions
Idle session limit: 3 hours
Policy Setting Comment
Set time limit for disconnected sessions Enabled
End a disconnected session 2 hours
Windows Components/Windows Explorerhide
Policy Setting Comment
Display the menu bar in Windows Explorer Disabled
Do not display the Welcome Center at Enabled
user logon
Hide these specified drives in My Enabled
Computer
Pick one of the following combinations Restrict A, B, C and D drives only
Policy Setting Comment
No Computers Near Me in Network Enabled
Locations
No Entire Network in Network Locations Enabled
Removes the Folder Options menu item Enabled
from the Tools menu
Request credentials for network Enabled
installations
Windows Components/Windows Updatehide
Policy Setting Comment
Remove access to use all Windows Update features Enabled
Configure notifications: 0 - Do not show any notifications
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope 0
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled 1
Preferenceshide
Windows Settingshide
Registryhide
Start_AdminToolsRoot (Order: 1)hide
Generalhide
Action Update
Properties
Hive HKEY_CURRENT_USER
Key path Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value name Start_AdminToolsRoot
Value type REG_DWORD
Value data 0x0 (0)
Commonhide
Options
Stop processing items on this extension if an error occurs on this No
item
Run in logged-on user's security context (user policy option) No
Remove this item when it is no longer applied No
Apply once and do not reapply No
StartMenuAdminTools (Order: 2)hide
Generalhide
Action Update
Properties
Hive HKEY_CURRENT_USER
Key path Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value name StartMenuAdminTools
Value type REG_DWORD
Value data 0x0 (0)
Commonhide
Options
Stop processing items on this extension if an error occurs on this No
item
Run in logged-on user's security context (user policy option) No
Remove this item when it is no longer applied No
Apply once and do not reapply No
Control Panel Settingshide
Start Menuhide
Start Menu (Windows Vista)hide
Start Menu (Windows Vista and later) (Order: 1)hide
Generalhide
General
Number of programs on the Start menu 9
Advanced settings
Computer Display as a menu
Connect to No
Control Panel Do not display this item
Default Programs Display this item
Documents Display as a link
Enable context menus and dragging and dropping No
Favorites Do not display this item
Games Do not display this item
Help Do not display this item
Highlight newly installed programs No
Music Do not display this item
Network Do not display this item
Open submenus when I pause on them with the mouse pointer Yes
Personal Folder Display as a link
Pictures Do not display this item
Printers Display this item
Run command Do not display this item
Search No
Search Communications No
Search Favorites and history No
Search files Don't search for files
Search programs No
Sort All Programs menu by name No
System administrative tools Do not display this item
Use Large Icons Yes
List most recently used documents Yes
Clear recent documents list No
Commonhide
Options
Stop processing items on this extension if an error occurs on this No
item
Run in logged-on user's security context (user policy option) Yes
Remove this item when it is no longer applied No
Apply once and do not reapply No
Internet Settingshide
Internet Explorer 8: Internet Explorer 8 (Order: 1)hide
Generalhide
Home page
Main tab http://www.heartwareinc.com
Other tabs http://hwvm-agile-
prod.kriton.local/Agile/PLMServlet|http://www.google.com
Securityhide
Security levels
Internet High
Local Intranet Low
Trusted Low
Restricted High
Privacyhide
Turn on Pop-up Blocker Enabled
Connectionshide
Dial-up settings
Connection behavior Never dial a connection
Programshide
Default web browser
Tell me if Internet Explorer is not the default web browser Enabled
Advancedhide
Accessibility
Always expand ALT text for images Disabled
Move system caret with focus/selection changes Disabled
Browsing
Automatically check for Internet Explorer updates Disabled
Close unused folders in History and Favorites (requires restart) Disabled
Disable Script debugging (Internet Explorer) Enabled
Disable Script debugging (Other) Enabled
Display a notification about every script error Disabled
Enable FTP folder view (outside of Internet Explorer) Enabled
Enable page transitions Enabled
Enable Personalized Favorites Menu Disabled
Enable third-party browser extensions (requires restart) Enabled
Enable visual styles on buttons and controls in web pages Enabled
Enable websites to use the search pane Disabled
Force offscreen compositing even under Terminal Server Disabled
(requires restart)
Notify when downloads complete Enabled
Reuse windows for launching shortcuts Enabled
Show Friendly HTTP Error messages Enabled
Underline links Always
Use inline AutoComplete Disabled
Use most recent order when switching tabs with Ctrl+Tab Disabled
Use Passive FTP (for firewall and DSL model compatibility) Enabled
Use smooth scrolling Enabled
HTTP 1.1 settings
Use HTTP 1.1 Enabled
Use HTTP 1.1 through proxy connections Enabled
International
Always show encoded addresses Disabled
Send IDN server names Enabled
Send IDN server names for Intranet addresses Disabled
Send UTF-8 URLs Disabled
Use UTF-8 for mailto links Disabled
Multimedia
Always use ClearType for HTML Disabled
Enable Automatic Image Resizing Enabled
Play animations in web pages Enabled
Play sounds in web pages Enabled
Show image download placeholders Disabled
Show pictures Enabled
Smart image dithering Enabled
Printing
Print background colors and images Disabled
Search from the Address bar
When searching Just display the results in the main window
Security
Allow active content from CDs to run on My Computer Disabled
Allow active content to run in files on My Computer Enabled
Allow software to run or install even if the signature is invalid Disabled
Check for publisher's certificate revocation Enabled
Check for server certificate revocation (requires restart) Enabled
Check for signatures on downloaded programs Enabled
Do not save encrypted pages to disk Disabled
Empty Temporary Internet Files folder when browser is closed Disabled
Enable Integrated Windows Authentication (requires restart) Enabled
Enable native XMLHTTP support Enabled
Phishing Filter Turn off automatic website checking
Use SSL 2.0 Disabled
Use SSL 3.0 Enabled
Use TLS 1.0 Enabled
Warn about certificate address mismatch Enabled
Warn if changing between secure and not secure mode Disabled
Warn if POST submittal is redirected to a zone that does not Enabled
permit posts
Commonhide
Options
Stop processing items on this extension if an error occurs on this No
item
Run in logged-on user's security context (user policy option) No
Remove this item when it is no longer applied No
Apply once and do not reapply No