Group Policy Management
body { font-size:68%;font-family:Tahoma; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:Tahoma; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:tahoma; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
E.SITESXP.GPO
Data collected on: 5/13/2003 9:05:44 AM
General
Details
Domain east.ad.asu.edu
Owner EAST\Domain Admins
Created 4/2/2002 10:20:06 AM
Modified 5/4/2003 9:30:40 PM
User Revisions 202 (AD), 202 (sysvol)
Computer Revisions 270 (AD), 270 (sysvol)
Unique ID {2920E0DA-E22D-47E7-8400-4573B0FD6C3F}
GPO Status Enabled
Links
Location Enforced Link Status Path
Acad FYE No Enabled east.ad.asu.edu/E.ACAD/Acad FYE
Acad Helpdesk No Enabled east.ad.asu.edu/E.ACAD/Acad Helpdesk
Acad Lecterns No Enabled east.ad.asu.edu/E.ACAD/Acad Lecterns
Acad VSNET No Enabled east.ad.asu.edu/E.ACAD/Acad VSNET
Acad XP Sites No Enabled east.ad.asu.edu/E.ACAD/Acad XP Sites

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
ASUEAST\Domain Users
EAST\Domain Computers
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
ASUEAST\Domain Users Read (from Security Filtering) No
BUILTIN\Administrators Edit settings No
EAST\Domain Admins Edit settings, delete, modify security No
EAST\Domain Computers Read (from Security Filtering) No
EAST\E.ACAD.OUadmins Edit settings, delete, modify security No
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
Computer Configuration (Enabled)
Software Settings
Assigned Applications
CGC_Citrix
Product Information
Name CGC_Citrix
Version 1.0
Language English (United States)
Platform Intel
Support URL
Deployment Information
General Setting
Deployment type Assigned
Deployment source \\eaststu1.east.ad.asu.edu\msi$\software\Citrix\citrix.msi
Uninstall this application when it falls out of the scope of management Disabled

Advanced Deployment Options Setting
Ignore language when deploying this package Disabled
Make this 32-bit X86 application available to Win64 machines Enabled
Include OLE class and product information Enabled

Diagnostic Information Setting
Product code {d3391c96-0a03-4521-81aa-86f4953790a6}
Deployment Count 0
Security
Permissions
Type Name Permission Inherited
Allow EAST\Domain Admins Full control No
Allow NT AUTHORITY\SYSTEM Full control No
Allow NT AUTHORITY\Authenticated Users Read No
Allow BUILTIN\Administrators Read, Write Yes
Allow NT AUTHORITY\Authenticated Users Read Yes
Allow EAST\rubenv Read, Write Yes
Allow CREATOR OWNER Read, Write Yes
Allow EAST\Domain Admins Read, Write Yes
Allow EAST\Domain Computers Read Yes
Allow ASUEAST\Domain Users Read Yes
Allow EAST\E.ACAD.OUadmins Read, Write Yes
Allow NT AUTHORITY\SYSTEM Read, Write Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Advanced
Upgrades Setting
Required upgrade for existing packages Enabled
Packages that this package will upgrade GPO
None
Packages in the current GPO that will upgrade this package None

Categories
None

Transforms
None
SurfCAM2002_217 Update
Product Information
Name SurfCAM2002_217 Update
Version 1.0
Language English (United States)
Platform Intel
Support URL
Deployment Information
General Setting
Deployment type Assigned
Deployment source \\eaststu1.east.ad.asu.edu\msi$\software\SurfCAM 2002 Update\surf2002_217.msi
Uninstall this application when it falls out of the scope of management Disabled

Advanced Deployment Options Setting
Ignore language when deploying this package Disabled
Make this 32-bit X86 application available to Win64 machines Enabled
Include OLE class and product information Disabled

Diagnostic Information Setting
Product code {50db47a0-25ed-444a-82e7-d614fc0ee6b4}
Deployment Count 0
Security
Permissions
Type Name Permission Inherited
Allow BUILTIN\Administrators Read, Write No
Allow NT AUTHORITY\Authenticated Users Read No
Allow EAST\rubenv Read, Write No
Allow CREATOR OWNER Read, Write No
Allow EAST\Domain Admins Full control No
Allow EAST\Domain Admins Read, Write No
Allow EAST\Domain Computers Read No
Allow ASUEAST\Domain Users Read No
Allow EAST\E.ACAD.OUadmins Read, Write No
Allow NT AUTHORITY\SYSTEM Full control No
Allow NT AUTHORITY\SYSTEM Read, Write No
Allow BUILTIN\Administrators Read, Write Yes
Allow NT AUTHORITY\Authenticated Users Read Yes
Allow EAST\rubenv Read, Write Yes
Allow CREATOR OWNER Read, Write Yes
Allow EAST\Domain Admins Read, Write Yes
Allow EAST\Domain Computers Read Yes
Allow ASUEAST\Domain Users Read Yes
Allow EAST\E.ACAD.OUadmins Read, Write Yes
Allow NT AUTHORITY\SYSTEM Read, Write Yes
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Advanced
Upgrades Setting
Required upgrade for existing packages Enabled
Packages that this package will upgrade GPO
None
Packages in the current GPO that will upgrade this package None

Categories
None

Transforms
None
Windows Settings
Scripts
Startup
Name Parameters
\\east.ad.asu.edu\SysVol\east.ad.asu.edu\scripts\Acad\test\start.bat
C:\windows\c3\login.bat
Security Settings
Local Policies/Audit Policy
Policy Setting
Audit account logon events Success, Failure
Audit account management Success, Failure
Audit logon events Success, Failure
Audit privilege use Success, Failure
Audit system events Success, Failure
Local Policies/User Rights Assignment
Policy Setting
Access this computer from the network EAST\E.ACAD.OUadmins, EAST\Domain Admins
Deny log on locally EAST\E.ACAD.OUadmins, EAST\Domain Admins
Local Policies/Security Options
Accounts
Policy Setting
Accounts: Rename administrator account "techcntr"
Interactive Logon
Policy Setting
Interactive logon: Do not display last user name Enabled
Interactive logon: Message text for users attempting to log on If you cannot log on,please change your password using the change password website at http://www.asu.edu/changepassword. ----------------------------------------------------------------------------------------------------------- * Students,please log on to the ASU.EDU (Kerberos Realm) Domain. * Faculty and Staff,please log on to the same Domain as you do in your office (i.e. EAST or ASUEAST). * If you are unable to log on,please contact the IT East Help Desk at 727-1118 or visit the self subscription website at http://www.asu.edu/selfsub ----------------------------------------------------------------------------------------------------------- * Employees,in order for Outlook to be automatically configured,your Outlook password must be the same as your EAST or ASUEAST Domain password. Or,log on to the ASURITE Domain. ----------------------------------------------------------------------------------------------------------- WARNING! You are accessing a computer protected by federal and state law and ASU policies. By using this system you agree to comply with these laws and policies,including ACD 125 (Computer,Internet and Electronic Communications Policy) and you consent to system monitoring for law enforcement,administrative and other purposes. Unauthorized/inappropriate use of this computer system may subject you to criminal prosecution,civil liability and ASU sanctions.
Interactive logon: Message title for users attempting to log on Welcome to ASU (Arizona State University) East! To Log On:
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 0 logons
Network Security
Policy Setting
Network security: LAN Manager authentication level Send LM & NTLM - use NTLMv2 session security if negotiated
Restricted Groups
Group Members Member of
BUILTIN\Power Users WESTSTUDENT\Domain Users, STUDENT\Domain Users, EAST\Domain Users, ASUWEST\Domain Users, ASURITE\Domain Users, ASUAD\Domain Users
System Services
Messenger (Startup Mode: Disabled)
Permissions
Type Name Permission
Allow Everyone Full Control
Auditing
No auditing specified
File System
%SystemDrive%\Documents and Settings\All Users
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow ASUAD\Domain Users Read and Execute This folder, subfolders and files
Allow ASUEAST\Domain Users Read and Execute This folder, subfolders and files
Allow ASURITE\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\Domain Users Read and Execute This folder, subfolders and files
Allow EAST\Domain Users Read and Execute This folder, subfolders and files
Allow STUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\W.GP.Domain UsersWESTFS Read and Execute This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Modify This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow ASUAD\Domain Users Read and Execute This folder, subfolders and files
Allow ASUEAST\Domain Users Read and Execute This folder, subfolders and files
Allow ASURITE\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\Domain Users Read and Execute This folder, subfolders and files
Allow EAST\Domain Users Read and Execute This folder, subfolders and files
Allow STUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\W.GP.Domain UsersWESTFS Read and Execute This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemDrive%\Documents and Settings\Default User
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow ASUAD\Domain Users Read and Execute This folder, subfolders and files
Allow ASUEAST\Domain Users Read and Execute This folder, subfolders and files
Allow ASURITE\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\Domain Users Read and Execute This folder, subfolders and files
Allow EAST\Domain Users Read and Execute This folder, subfolders and files
Allow STUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\W.GP.Domain UsersWESTFS Read and Execute This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Auditing
No auditing specified
%SystemDrive%\fndtn
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow NT AUTHORITY\Authenticated Users Modify This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Modify This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemDrive%\program files\asuloginnt.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow EAST\Domain Admins Full Control This folder, subfolders and files
Allow ASUAD\Domain Users Read and Execute This folder, subfolders and files
Allow ASUEAST\Domain Users Read and Execute This folder, subfolders and files
Allow ASURITE\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\Domain Users Read and Execute This folder, subfolders and files
Allow EAST\Domain Users Read and Execute This folder, subfolders and files
Allow STUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Read and Execute This folder, subfolders and files
Allow ASUWEST\W.GP.Domain UsersWESTFS Read and Execute This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Auditing
No auditing specified
%SystemDrive%\Program Files\Common Files\Microsoft Shared\Web Folders
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow ASUAD\Domain Users Modify This folder, subfolders and files
Allow ASUEAST\Domain Users Modify This folder, subfolders and files
Allow ASURITE\Domain Users Modify This folder, subfolders and files
Allow ASUWEST\Domain Users Modify This folder, subfolders and files
Allow EAST\Domain Users Modify This folder, subfolders and files
Allow STUDENT\Domain Users Modify This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Modify This folder, subfolders and files
Allow ASUWEST\W.GP.Domain UsersWESTFS Modify This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Modify This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemRoot%\aldec.ini
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow NT AUTHORITY\Authenticated Users Modify This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow NT AUTHORITY\SYSTEM Modify This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemRoot%\asuloginnt.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Deny ASUAD\Domain Users Full Control This folder, subfolders and files
Deny ASURITE\Domain Users Full Control This folder, subfolders and files
Deny ASUWEST\Domain Users Full Control This folder, subfolders and files
Deny STUDENT\Domain Users Full Control This folder, subfolders and files
Deny WESTSTUDENT\Domain Users Full Control This folder, subfolders and files
Deny ASUWEST\W.GP.Domain UsersWESTFS Full Control This folder, subfolders and files
Deny EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow EAST\Domain Admins Full Control This folder, subfolders and files
Allow EAST\E.ACAD.GENERIC Read and Execute This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemRoot%\Kerblogin.exe
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Deny EAST\E.ACAD.GENERIC Full Control This folder, subfolders and files
Allow EAST\Domain Admins Full Control This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow Everyone Read and Execute This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Auditing
No auditing specified
%SystemRoot%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow ASUAD\Domain Users Modify This folder, subfolders and files
Allow ASUEAST\Domain Users Modify This folder, subfolders and files
Allow ASURITE\Domain Users Modify This folder, subfolders and files
Allow ASUWEST\Domain Users Modify This folder, subfolders and files
Allow EAST\Domain Users Modify This folder, subfolders and files
Allow STUDENT\Domain Users Modify This folder, subfolders and files
Allow WESTSTUDENT\Domain Users Modify This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
%SystemRoot%\system32\winexit.scr
Configure this file or folder then: Replace existing permissions on all subfolders and files with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Deny EAST\E.ACAD.MICS Full Control This folder, subfolders and files
Deny EAST\TECH127PC03$ Full Control This folder, subfolders and files
Allow EAST\E.ACAD.OUadmins Full Control This folder, subfolders and files
Allow Everyone Read and Execute This folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
Registry
CLASSES_ROOT\AppID\{317DA-882-ECC5-11D1-B976-00600802DB86}
Configure this key then: Replace existing permissions on all subkeys with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow Everyone Full control This key and subkeys
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\control.ini
Configure this key then: Propagate inheritable permissions to all subkeys
Owner
Permissions
Type Name Permission Apply To
Allow Everyone Query Value, Set Value, Create Subkey, Notify, Read permissions This key and subkeys
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Auditing
No auditing specified
machine\software\microsoft\windows\currentversion\winlogon
Configure this key then: Replace existing permissions on all subkeys with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow EAST\Domain Admins Read This key and subkeys
Allow ASUAD\Domain Users Read This key and subkeys
Allow ASUEAST\Domain Users Read This key and subkeys
Allow ASURITE\Domain Users Read This key and subkeys
Allow ASUWEST\Domain Users Read This key and subkeys
Allow EAST\Domain Users Read This key and subkeys
Allow WESTSTUDENT\Domain Users Read This key and subkeys
Allow EAST\E.ACAD.OUadmins Read This key and subkeys
Allow EAST\E.ACAD.OUadmins Create Link, Change permissions, Take ownership This key and subkeys
Allow NT AUTHORITY\SYSTEM Read This key and subkeys
Allow NT AUTHORITY\SYSTEM Set Value, Create Subkey, Delete This key and subkeys
Allow inheritable permissions from the parent to propagate to this object and all child objects Disabled
Auditing
No auditing specified
machine\system\currentcontrolset\control\computername
Configure this key then: Replace existing permissions on all subkeys with inheritable permissions
Owner
Permissions
Type Name Permission Apply To
Allow EAST\Domain Admins Full control This key and subkeys
Allow ASUAD\Domain Users Read This key and subkeys
Allow ASUAD\Domain Users Set Value, Create Subkey, Delete This key and subkeys
Allow ASURITE\Domain Users Read This key and subkeys
Allow ASURITE\Domain Users Set Value, Create Subkey, Delete This key and subkeys
Allow ASUWEST\Domain Users Read This key and subkeys
Allow ASUWEST\Domain Users Set Value, Create Subkey, Delete This key and subkeys
Allow EAST\Domain Users Read This key and subkeys
Allow EAST\Domain Users Set Value, Create Subkey, Delete This key and subkeys
Allow WESTSTUDENT\Domain Users Read This key and subkeys
Allow WESTSTUDENT\Domain Users Set Value, Create Subkey, Delete This key and subkeys
Allow EAST\E.ACAD.OUadmins Full control This key and subkeys
Allow inheritable permissions from the parent to propagate to this object and all child objects Enabled
Auditing
No auditing specified
Administrative Templates
Network/Network Connections
Policy Setting
Prohibit installation and configuration of Network Bridge on your DNS domain network Enabled
Prohibit use of Internet Connection Firewall on your DNS domain network Enabled
Prohibit use of Internet Connection Sharing on your DNS domain network Enabled
Network/Offline Files
Policy Setting
Allow or Disallow use of the Offline Files feature Disabled
Network/SNMP
Policy Setting
Permitted Managers Enabled
Permitted Managers
eaststu2.east.ad.asu.edu
System
Policy Setting
Verbose vs normal status messages Enabled
System/Error Reporting
Policy Setting
Report Errors Disabled
System/Group Policy
Policy Setting
User Group Policy loopback processing mode Enabled
Mode: Replace
System/Logon
Policy Setting
Always use classic logon Enabled
Always wait for the network at computer startup and logon Enabled
Don't display the Getting Started welcome screen at logon Enabled
System/Remote Assistance
Policy Setting
Offer Remote Assistance Disabled
Solicited Remote Assistance Disabled
System/Scripts
Policy Setting
Run logon scripts synchronously Enabled
Run startup scripts asynchronously Disabled
System/System Restore
Policy Setting
Turn off System Restore Enabled
System/Windows File Protection
Policy Setting
Set Windows File Protection scanning Disabled
User Configuration (Enabled)
Windows Settings
Scripts
Logon
Name Parameters
\\east.ad.asu.edu\SysVol\east.ad.asu.edu\scripts\Acad\test\F02logon_newa.vbs
\\east.ad.asu.edu\SysVol\east.ad.asu.edu\scripts\Acad\test\logon.bat
Logoff
Name Parameters
\\east.ad.asu.edu\SysVol\east.ad.asu.edu\scripts\Acad\test\F02logoff.vbs
\\east.ad.asu.edu\SysVol\east.ad.asu.edu\scripts\Acad\test\login.bat
Folder Redirection
My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: M:\
Options
Grant user exclusive rights to My Documents Disabled
Move the contents of My Documents to the new location Disabled
Policy Removal Behavior Restore contents
Internet Explorer Maintenance
Browser User Interface/Customized Title Bar
Title Bar Text
ASU East Information Technology
Connection/Connection Settings
This GPO contains connection settings.
URLs/Important URLs
Name URL
Home page URL http://insider.east.asu.edu
Search bar URL Not configured
Online support page URL Not configured
Security/Security Zones and Content Ratings
Security Zones and Privacy
These settings will not apply to users that log on to computers that have the Internet Explorer Enhanced Security Configuration (ESC) enabled. To create settings for users on computers that have ESC enabled, create a new GPO and edit that GPO on a computer where ESC is enabled.
Internet (Security Level: Custom)
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Don't prompt for client certificate selection when no certificates or only one certificate exists Disable
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Enable
Software channel permissions Medium safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Enable
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Local intranet (Security Level: Custom)
ActiveX controls and plug-ins
Download signed ActiveX controls Prompt
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions Medium safety
Miscellaneous
Access data sources across domains Prompt
Don't prompt for client certificate selection when no certificates or only one certificate exists Enable
Drag and drop or copy and paste files Enable
Installation of desktop items Prompt
Launching programs and files in an IFRAME Prompt
Navigate sub-frames across different domains Enable
Software channel permissions Medium safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Enable
Scripting of Java applets Enable
User Authentication
Logon Automatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zone Disabled
Include all local (intranet) sites not listed in other zones Enabled
Include all sites that bypass the proxy server Enabled
Include all network paths (UNCs) Enabled
Sites in this zone
None
Trusted sites (Security Level: Custom)
ActiveX controls and plug-ins
Download signed ActiveX controls Enable
Download unsigned ActiveX controls Prompt
Initialize and script ActiveX controls not marked as safe Prompt
Run ActiveX controls and plug-ins Enable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Enable
Font download Enable
Microsoft VM
Java permissions Low safety
Miscellaneous
Access data sources across domains Enable
Don't prompt for client certificate selection when no certificates or only one certificate exists Enable
Drag and drop or copy and paste files Enable
Installation of desktop items Enable
Launching programs and files in an IFRAME Enable
Navigate sub-frames across different domains Enable
Software channel permissions Low safety
Submit nonencrypted form data Enable
Userdata persistence Enable
Scripting
Active scripting Enable
Allow paste operations via script Enable
Scripting of Java applets Enable
User Authentication
Logon Automatic logon with current username and password
Sites
Require server verification (https:) for all sites in this zone Enabled
Sites in this zone
None
Restricted sites (Security Level: Custom)
ActiveX controls and plug-ins
Download signed ActiveX controls Disable
Download unsigned ActiveX controls Disable
Initialize and script ActiveX controls not marked as safe Disable
Run ActiveX controls and plug-ins Disable
Script ActiveX controls marked safe for scripting Enable
Downloads
File download Disable
Font download Prompt
Microsoft VM
Java permissions High safety
Miscellaneous
Access data sources across domains Disable
Don't prompt for client certificate selection when no certificates or only one certificate exists Disable
Drag and drop or copy and paste files Prompt
Installation of desktop items Disable
Launching programs and files in an IFRAME Disable
Navigate sub-frames across different domains Disable
Software channel permissions High safety
Submit nonencrypted form data Prompt
Userdata persistence Disable
Scripting
Active scripting Disable
Allow paste operations via script Disable
Scripting of Java applets Disable
User Authentication
Logon Prompt for user name and password
Sites
Sites in this zone
http://www.new.net/
Content Ratings
This GPO contains content ratings.
Administrative Templates
Control Panel
Policy Setting
Prohibit access to the Control Panel Enabled
Control Panel/Display
Policy Setting
Remove Display in Control Panel Enabled
Screen Saver Enabled
Screen Saver executable name Enabled
Screen Saver executable name winexit.scr
Policy Setting
Screen Saver timeout Enabled
Number of seconds to wait to enable the Screen Saver
Seconds: 1600
Control Panel/Printers
Policy Setting
Prevent addition of printers Enabled
Desktop
Policy Setting
Don't save settings at exit Enabled
Hide My Network Places icon on desktop Enabled
Remove My Documents icon on the desktop Enabled
Remove the Desktop Cleanup Wizard Enabled
Desktop/Active Desktop
Policy Setting
Enable Active Desktop Enabled
Allows HTML and JPEG Wallpaper
Desktop/Active Directory
Policy Setting
Hide Active Directory folder" Enabled
Microsoft Excel 2000/Tools | Macro/Security...
Policy Setting
Security Level Enabled
Security Level Low
Policy Setting
Trust all installed add-ins and templates Enabled
Check to enforce setting on; uncheck to enforce setting off Enabled
Microsoft Office 2000/Assistant/Options Tab
Policy Setting
Use the Office Assistant Disabled
Microsoft Office 2000/Tools | Customize | Options
Policy Setting
Menus show recently used commands first Disabled
Show full menus after a short delay Disabled
Microsoft Word 2000/Tools | Options.../File Locations
Policy Setting
Documents Enabled
Documents M:\
Network/Network Connections
Policy Setting
Prohibit access to properties of components of a LAN connection Enabled
Network/Offline Files
Policy Setting
Synchronize all offline files before logging off Disabled
Start Menu and Taskbar
Policy Setting
Add "Run in Separate Memory Space" check box to Run dialog box Enabled
Add Logoff to the Start Menu Disabled
Clear history of recently opened documents on exit Enabled
Do not keep history of recently opened documents Enabled
Force classic Start Menu Enabled
Gray unavailable Windows Installer programs Start Menu shortcuts Enabled
Prevent grouping of taskbar items Enabled
Remove Balloon Tips on Start Menu items Enabled
Remove Documents menu from Start Menu Enabled
Remove links and access to Windows Update Enabled
Remove Logoff on the Start Menu Enabled
Remove Network Connections from Start Menu Enabled
Remove user's folders from the Start Menu Enabled
Turn off personalized menus Enabled
Turn off user tracking Enabled
System
Policy Setting
Don't display the Getting Started welcome screen at logon Enabled
Don't run specified Windows applications Enabled
List of disallowed applications
icq.exe
icqlite.exe
Policy Setting
Prevent access to registry editing tools Enabled
System/Ctrl+Alt+Del Options
Policy Setting
Remove Change Password Enabled
Remove Lock Computer Enabled
Remove Logoff Enabled
Remove Task Manager Enabled
System/Logon
Policy Setting
Run these programs at user logon Enabled
Items to run at logon
c:\windows\kerblogin
c:\windows\newprof.exe -p i:\system\exchange\outlook.prf
c:\windows\quickres.exe /s
i:\sdat4261.exe /s
i:\system\generic.bat
System/Power Management
Policy Setting
Prompt for password on resume from hibernate / suspend Disabled
System/Scripts
Policy Setting
Run logon scripts synchronously Enabled
Windows Components/Internet Explorer
Policy Setting
Disable AutoComplete for forms Enabled
Do not allow AutoComplete to save passwords Enabled
Windows Components/Microsoft Management Console
Policy Setting
Restrict the user from entering author mode Enabled
Windows Components/Task Scheduler
Policy Setting
Hide Property Pages Enabled
Remove Advanced Menu Enabled
Windows Components/Windows Explorer
Policy Setting
Hides the Manage item on the Windows Explorer context menu Enabled
Remove Shared Documents from My Computer Enabled