Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
Faculty User Group Policy
Data collected on: 3/1/2013 3:55:49 PM
General
Details
Domainphas.ubc.ca
OwnerPHAS\Domain Admins
Created11/10/2006 2:54:06 PM
Modified9/27/2011 10:00:26 AM
User Revisions6 (AD), 6 (sysvol)
Computer Revisions6 (AD), 6 (sysvol)
Unique ID{B976960A-A76D-4563-9415-DC6A3B282BE0}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
FacultyNoEnabledphas.ubc.ca/User Accounts/Faculty
VisitorNoEnabledphas.ubc.ca/User Accounts/Visitor

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
PHAS\Faculty
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
PHAS\Domain AdminsEdit settings, delete, modify securityNo
PHAS\Enterprise AdminsEdit settings, delete, modify securityNo
PHAS\FacultyRead (from Security Filtering)No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Local Policies/Audit Policy
PolicySetting
Audit account logon eventsSuccess, Failure
Audit logon eventsSuccess, Failure
Local Policies/User Rights Assignment
PolicySetting
Change the system timePHAS\staff
Load and unload device driversBUILTIN\Administrators, NT AUTHORITY\Authenticated Users, Everyone, PHAS\Domain Users
Manage auditing and security logPHAS\staff
Local Policies/Security Options
Devices
PolicySetting
Devices: Allowed to format and eject removable mediaAdministrators and Interactive Users
Devices: Prevent users from installing printer driversEnabled
Interactive Logon
PolicySetting
Interactive logon: Do not display last user nameEnabled
Registry Values
PolicySetting
MACHINE\Software\Microsoft\Driver Signing\Policy1
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Custom Policy Settings/Restrict Drives
PolicySettingComment
Disable CD-ROMDisabled
Disable FloppyDisabled
Disable USBDisabled
System/User Profiles
PolicySettingComment
Add the Administrators security group to roaming user profilesEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections
PolicySettingComment
Restrict Remote Desktop Services users to a single Remote Desktop Services sessionEnabled
Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment
PolicySettingComment
Remove "Disconnect" option from Shut Down dialogEnabled
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesDisabled
Disable Windows InstallerDisabled
Enable user control over installsEnabled
Prohibit User InstallsEnabled
User Install Behavior:Allow User Installs
Windows Components/Windows Update
PolicySettingComment
Allow non-administrators to receive update notificationsEnabled
Configure Automatic UpdatesEnabled
Configure automatic updating:3 - Auto download and notify for install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time:03:00
PolicySettingComment
Delay Restart for scheduled installationsEnabled
Wait the following period before
proceeding with a scheduled
restart (minutes): 30
PolicySettingComment
No auto-restart with logged on users for scheduled automatic updates installationsEnabled
Re-prompt for restart with scheduled installationsEnabled
Wait the following period before
prompting again with a scheduled
restart (minutes): 540
User Configuration (Enabled)
Policies
Windows Settings
Security Settings
Software Restriction Policies
Enforcement
PolicySetting
Apply software restriction policies to the followingAll software files except libraries (such as DLLs)
Apply software restriction policies to the following usersAll users
When applying software restriction policiesIgnore certificate rules
Designated File Types
File ExtensionFile Type
ADEMicrosoft Access Project Extension
ADPMicrosoft Access Project
BASBAS File
BATWindows Batch File
CHMCompiled HTML Help file
CMDWindows Command Script
COMMS-DOS Application
CPLControl panel item
CRTSecurity Certificate
EXEApplication
HLPHelp file
HTAHTML Application
INFSetup Information
INSINS File
ISPISP File
LNKShortcut
MDBMicrosoft Access Database
MDEMicrosoft Access MDE Database
MSCMicrosoft Common Console Document
MSIWindows Installer Package
MSPWindows Installer Patch
MSTMST File
OCXActiveX control
PCDPCD File
PIFShortcut to MS-DOS Program
REGRegistration Entries
SCRScreen saver
SHSSHS File
URLInternet Shortcut
VBVisual Basic Source file
WSCWindows Script Component
Trusted Publishers
Trusted publisher managementAllow all administrators and users to manage user's own Trusted Publishers
Certificate verificationNone
Software Restriction Policies/Security Levels
PolicySetting
Default Security LevelUnrestricted
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security LevelUnrestricted
Description
Date last modified8/10/2006 12:58:03 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe
Security LevelUnrestricted
Description
Date last modified8/10/2006 12:58:03 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe
Security LevelUnrestricted
Description
Date last modified8/10/2006 12:58:03 PM
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security LevelUnrestricted
Description
Date last modified8/10/2006 12:58:03 PM
Folder Redirection
AppData(Roaming)
Setting: Not configured
Desktop
Setting: Not configured
Documents
Setting: Not configured
Music
Setting: Not configured
Pictures
Setting: Not configured
Start Menu
Setting: Not configured
Videos
Setting: Not configured
Internet Explorer Maintenance (Preference Mode)
URLs/Important URLs
NameURL
Home page URLhttp://www.phas.ubc.ca
Search bar URLNot configured
Online support page URLNot configured
Security/Security Zones and Content Ratings
Security Zones and Privacy (Enhanced Security Configuration Enabled)
These settings will only apply to users when they log on to computers that have the Internet Explorer Enhanced Security Configuration enabled.
Internet (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeDisable
Run components signed with AuthenticodeDisable
ActiveX controls and plug-ins
Download signed ActiveX controlsDisable
Download unsigned ActiveX controlsDisable
Initialize and script ActiveX controls not marked as safeDisable
Run ActiveX controls and plug-insDisable
Script ActiveX controls marked safe for scriptingDisable
Downloads
File downloadDisable
Font downloadPrompt
Microsoft VM
Java permissionsDisable Java
Miscellaneous
Access data sources across domainsDisable
Allow META REFRESHDisable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsDisable
Drag and drop or copy and paste filesPrompt
Installation of desktop itemsDisable
Launching applications and unsafe filesEnable
Launching programs and files in an IFRAMEDisable
Navigate sub-frames across different domainsDisable
Software channel permissionsHigh safety
Submit nonencrypted form dataPrompt
Userdata persistenceDisable
Scripting
Active scriptingDisable
Allow paste operations via scriptDisable
Scripting of Java appletsDisable
User Authentication
LogonPrompt for user name and password
Local intranet (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeEnable
Run components signed with AuthenticodeEnable
ActiveX controls and plug-ins
Download signed ActiveX controlsPrompt
Download unsigned ActiveX controlsDisable
Initialize and script ActiveX controls not marked as safeDisable
Run ActiveX controls and plug-insEnable
Script ActiveX controls marked safe for scriptingEnable
Downloads
File downloadEnable
Font downloadEnable
Microsoft VM
Java permissionsMedium safety
Miscellaneous
Access data sources across domainsPrompt
Allow META REFRESHEnable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsEnable
Drag and drop or copy and paste filesEnable
Installation of desktop itemsPrompt
Launching applications and unsafe filesEnable
Launching programs and files in an IFRAMEPrompt
Navigate sub-frames across different domainsEnable
Software channel permissionsMedium safety
Submit nonencrypted form dataEnable
Userdata persistenceEnable
Scripting
Active scriptingEnable
Allow paste operations via scriptEnable
Scripting of Java appletsEnable
User Authentication
LogonAutomatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zoneDisabled
Include all local (intranet) sites not listed in other zonesDisabled
Include all sites that bypass the proxy serverDisabled
Include all network paths (UNCs)Disabled
Sites in this zone
hcp:////system/
http://localhost/
https://localhost/
Trusted sites (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeEnable
Run components signed with AuthenticodeEnable
ActiveX controls and plug-ins
Download signed ActiveX controlsPrompt
Download unsigned ActiveX controlsDisable
Initialize and script ActiveX controls not marked as safeDisable
Run ActiveX controls and plug-insEnable
Script ActiveX controls marked safe for scriptingEnable
Downloads
File downloadEnable
Font downloadEnable
Microsoft VM
Java permissionsHigh safety
Miscellaneous
Access data sources across domainsDisable
Allow META REFRESHEnable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsDisable
Drag and drop or copy and paste filesEnable
Installation of desktop itemsPrompt
Launching applications and unsafe filesPrompt
Launching programs and files in an IFRAMEPrompt
Navigate sub-frames across different domainsEnable
Software channel permissionsMedium safety
Submit nonencrypted form dataEnable
Userdata persistenceEnable
Scripting
Active scriptingEnable
Allow paste operations via scriptEnable
Scripting of Java appletsEnable
User Authentication
LogonAutomatic logon only in Intranet zone
Sites
Require server verification (https:) for all sites in this zoneDisabled
Sites in this zone
about://*.security_mmc.exe/
http://*.windowsupdate.com/
http://*.windowsupdate.microsoft.com/
http://ardownload.adobe.com/
http://chuangtzu.acc.umu.se/
http://download.microsoft.com/
http://easynews.dl.sourceforge.net/
http://ftp-mozilla.netscape.com/
http://mozilla-chi.osuosl.org/
http://oca.microsoft.com/
http://prdownloads.sourceforge.net/
http://rad.microsoft.com/
http://search.microsoft.com/
http://support.microsoft.com/
http://update.microsoft.com/
http://windowsupdate.microsoft.com/
http://www.7-zip.org/
http://www.adobe.com/
http://www.google.ca/
http://www.microsoft.com/
http://www.mirekw.com/
http://www.mozilla.com/
http://www.msn.com/
http://www.petri.co.il/
http://www.windowsitpro.com/
http://www.windowsnetworking.com/
https://oca.microsoft.com/
Restricted sites (Security Level: Custom)
.NET Framework-reliant components
Run components not signed with AuthenticodeDisable
Run components signed with AuthenticodeDisable
ActiveX controls and plug-ins
Download signed ActiveX controlsDisable
Download unsigned ActiveX controlsDisable
Initialize and script ActiveX controls not marked as safeDisable
Run ActiveX controls and plug-insDisable
Script ActiveX controls marked safe for scriptingDisable
Downloads
File downloadDisable
Font downloadPrompt
Microsoft VM
Java permissionsDisable Java
Miscellaneous
Access data sources across domainsDisable
Allow META REFRESHDisable
Display mixed contentPrompt
Don't prompt for client certificate selection when no certificates or only one certificate existsDisable
Drag and drop or copy and paste filesPrompt
Installation of desktop itemsDisable
Launching applications and unsafe filesDisable
Launching programs and files in an IFRAMEDisable
Navigate sub-frames across different domainsDisable
Software channel permissionsHigh safety
Submit nonencrypted form dataPrompt
Userdata persistenceDisable
Scripting
Active scriptingDisable
Allow paste operations via scriptDisable
Scripting of Java appletsDisable
User Authentication
LogonPrompt for user name and password
Sites
Sites in this zone
None
Privacy
Privacy LevelMedium
Web Sites
Always allowNone
Always blockNone
Programs/Programs
PolicySetting
Import the current program settingsEnabled
HTML EditorMicrosoft Office Word
E-mailHotmail
NewsgroupsOutlook Express
Internet CallMicrosoft NetMeeting
CalendarMicrosoft Outlook
Contact ListAddress Book
Internet Explorer should check to see whether it is the default browserDisabled
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Control Panel
PolicySettingComment
Always open All Control Panel Items when opening Control PanelEnabled
Control Panel/Add or Remove Programs
PolicySettingComment
Remove Add or Remove ProgramsEnabled
Control Panel/Display
PolicySettingComment
Disable the Display Control PanelDisabled
Hide Settings tabDisabled
Control Panel/Personalization
PolicySettingComment
Prevent changing desktop backgroundDisabled
Prevent changing desktop iconsDisabled
Prevent changing window color and appearanceDisabled
Desktop
PolicySettingComment
Hide Network Locations icon on desktopEnabled
Desktop/Desktop
PolicySettingComment
Disable Active DesktopDisabled
Enable Active DesktopEnabled
Allows HTML and JPEG Wallpaper
Network/Network Connections
PolicySettingComment
Prohibit access to properties of a LAN connectionEnabled
Prohibit access to properties of components of a LAN connectionEnabled
Prohibit access to properties of components of a remote access connectionEnabled
Prohibit access to the Advanced Settings item on the Advanced menuEnabled
Prohibit access to the New Connection WizardEnabled
Prohibit access to the Remote Access Preferences item on the Advanced menuEnabled
Prohibit adding and removing components for a LAN or remote access connectionEnabled
Prohibit changing properties of a private remote access connectionEnabled
Prohibit connecting and disconnecting a remote access connectionEnabled
Prohibit deletion of remote access connectionsEnabled
Prohibit Enabling/Disabling components of a LAN connectionEnabled
Prohibit renaming private remote access connectionsEnabled
Prohibit TCP/IP advanced configurationEnabled
Network/Offline Files
PolicySettingComment
Prevent use of Offline Files folderEnabled
Prohibit user configuration of Offline FilesEnabled
Prevents users from changing any cache configuration settings.
PolicySettingComment
Remove 'Make Available Offline'Enabled
Synchronize all offline files before logging offDisabled
Synchronize all offline files when logging onDisabled
Synchronize offline files before suspendDisabled
Turn off reminder balloonsEnabled
Start Menu and Taskbar
PolicySettingComment
Do not display any custom toolbars in the taskbarDisabled
Force classic Start MenuEnabled
Lock the TaskbarDisabled
Prevent changes to Taskbar and Start Menu SettingsDisabled
Remove access to the context menus for the taskbarDisabled
Remove Network Connections from Start MenuEnabled
Remove Network icon from Start MenuEnabled
System
PolicySettingComment
Don't display the Getting Started welcome screen at logonEnabled
System/Folder Redirection
PolicySettingComment
Do not automatically make redirected folders available offlineEnabled
System/Scripts
PolicySettingComment
Run logon scripts synchronouslyEnabled
System/User Profiles
PolicySettingComment
Exclude directories in roaming profileEnabled
Prevent the following directories from roaming with the profile:My Pictures;Cookies;History;Recent;SendTo;Temporary Internet Files;Temp;Templates
You can enter multiple directory names, semi-colon separated,
all relative to the root of the user's profile
Windows Components/Internet Explorer/Internet Control Panel
PolicySettingComment
Disable the Programs pageDisabled
Windows Components/Internet Explorer/Offline Pages
PolicySettingComment
Disable adding channelsEnabled
Disable adding schedules for offline pagesEnabled
Disable all scheduled offline pagesEnabled
Disable channel user interface completelyEnabled
Disable downloading of site subscription contentEnabled
Disable editing and creating of schedule groupsEnabled
Disable editing schedules for offline pagesEnabled
Disable offline page hit loggingEnabled
Disable removing channelsEnabled
Disable removing schedules for offline pagesEnabled
Windows Components/Microsoft Management Console
PolicySettingComment
Restrict users to the explicitly permitted list of snap-insEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins
PolicySettingComment
Device ManagerEnabled
Disk DefragmenterEnabled
Disk ManagementEnabled
Event ViewerEnabled
Removable Storage ManagementEnabled
Security Configuration and AnalysisEnabled
Windows Components/Microsoft Management Console/Restricted/Permitted snap-ins/Extension snap-ins
PolicySettingComment
Device ManagerEnabled
Logical and Mapped DrivesEnabled
Removable StorageEnabled
System PropertiesEnabled
Windows Components/Windows Explorer
PolicySettingComment
Display confirmation dialog when deleting filesEnabled
Hide these specified drives in My ComputerEnabled
Pick one of the following combinationsDo not restrict drives
PolicySettingComment
Prevent access to drives from My ComputerEnabled
Pick one of the following combinationsDo not restrict drives
PolicySettingComment
Remove DFS tabEnabled
Remove Security tabEnabled
Windows Components/Windows Installer
PolicySettingComment
Always install with elevated privilegesDisabled
Windows Components/Windows Messenger
PolicySettingComment
Do not automatically start Windows Messenger initiallyEnabled
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingState
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Btn_Media2
Software\Policies\Microsoft\PCHealth\HelpSvc\Headlines1