Download Word Format
Computer Configuration (Enabled)
Windows Settings
Scripts
Startup
| Name | Parameters |
|---|
| \\network.local\SysVol\network.local\scripts\DomainSettings.bat | |
| \\network.local\SysVol\network.local\scripts\Kixscript.bat | |
| \\network.local\SysVol\network.local\scripts\DefaultDomain.vbs | |
| \\network.local\SysVol\network.local\scripts\NoirProfile.vbs | |
Security Settings
Local Policies/User Rights Assignment
| Policy | Setting |
|---|
| Allow log on through Terminal Services | network\Test Students, network\student, network\Installs, network\infotech10, network\Domain Admins, network\Administrator, network\admin |
Local Policies/Security Options
Interactive Logon
| Policy | Setting |
|---|
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 0 logons |
System Services
Computer Browser (Startup Mode: Disabled)
| Permissions |
No permissions specified |
| Auditing |
No auditing specified |
Messenger (Startup Mode: Disabled)
| Permissions |
No permissions specified |
| Auditing |
No auditing specified |
Software Restriction Policies
| Enforcement |
| Policy | Setting |
|---|
| Apply software restriction policies to | All software files except libraries (such as DLLs) |
| Apply software restriction policies to the following users | All users |
|
| Designated File Types |
| File Extension | File Type |
|---|
| ADE | Microsoft Office Access Project Extension |
| ADP | Microsoft Office Access Project |
| BAS | BAS File |
| BAT | MS-DOS Batch File |
| CHM | Compiled HTML Help file |
| CMD | Windows NT Command Script |
| COM | MS-DOS Application |
| CPL | Control Panel extension |
| CRT | Security Certificate |
| EXE | Application |
| HLP | Help File |
| HTA | HTML Application |
| INF | Setup Information |
| INS | Inspiration 6 Document |
| ISP | Internet Communication Settings |
| LNK | Shortcut |
| MDB | Microsoft Office Access Database |
| MDE | Microsoft Office Access MDE Database |
| MSC | Microsoft Common Console Document |
| MSI | Windows Installer Package |
| MSP | Windows Installer Patch |
| MST | MST File |
| OCX | ActiveX Control |
| PCD | PCD File |
| PIF | Shortcut to MS-DOS Program |
| REG | Registration Entries |
| SCR | Screen Saver |
| SHS | Scrap object |
| URL | Internet Shortcut |
| VB | VB File |
| WSC | Windows Script Component |
|
| Trusted Publishers |
| Allow the following users to select trusted publishers | End users |
| Before trusting a publisher, check the following to determine if the certificate is revoked | None |
|
Software Restriction Policies/Security Levels
| Policy | Setting |
|---|
| Default Security Level | Unrestricted |
Software Restriction Policies/Additional Rules
Path Rules
| %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% |
| Security Level | Unrestricted |
| Description | |
| Date last modified | 1/18/2007 9:07:45 AM |
|
| %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe |
| Security Level | Unrestricted |
| Description | |
| Date last modified | 1/18/2007 9:07:45 AM |
|
| %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe |
| Security Level | Unrestricted |
| Description | |
| Date last modified | 1/18/2007 9:07:45 AM |
|
| %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% |
| Security Level | Unrestricted |
| Description | |
| Date last modified | 1/18/2007 9:07:45 AM |
|
Administrative Templates
Network/Offline Files
| Policy | Setting |
|---|
| Allow or Disallow use of the Offline Files feature |
Disabled |
System/Group Policy
| Policy | Setting |
|---|
| Internet Explorer Maintenance policy processing |
Enabled |
| Allow processing across a slow network connection | Enabled |
| Do not apply during periodic background processing | Disabled |
| Process even if the Group Policy objects have not changed | Enabled |
|
| Policy | Setting |
|---|
| User Group Policy loopback processing mode |
Enabled |
|
System/User Profiles
| Policy | Setting |
|---|
| Delete cached copies of roaming profiles |
Enabled |
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone
| Policy | Setting |
|---|
| Use Pop-up Blocker |
Enabled |
| Use Pop-up Blocker | Disable |
|
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone
| Policy | Setting |
|---|
| Use Pop-up Blocker |
Enabled |
| Use Pop-up Blocker | Disable |
|
Windows Components/Terminal Services
| Policy | Setting |
|---|
| Allow users to connect remotely using Terminal Services |
Enabled |
| Sets rules for remote control of Terminal Services user sessions |
Enabled |
| Options: | Full Control without user's permission |
|
Windows Components/Windows Update
| Policy | Setting |
|---|
| Allow Automatic Updates immediate installation |
Enabled |
| Configure Automatic Updates |
Enabled |
| Configure automatic updating: | 4 - Auto download and schedule the install |
| The following settings are only required | | and applicable if 4 is selected. | | Scheduled install day: | 0 - Every day |
| Scheduled install time: | 18:00 |
|
| Policy | Setting |
|---|
| No auto-restart with logged on users for scheduled automatic updates installations |
Enabled |
| Reschedule Automatic Updates scheduled installations |
Disabled |
| Specify intranet Microsoft update service location |
Enabled |
| Set the intranet update service for detecting updates: | http://server1 |
| Set the intranet statistics server: | http://server1 |
| (example: http://IntranetUpd01) | |
User Configuration (Enabled)
Windows Settings
Internet Explorer Maintenance
Connection/Automatic Browser Configuration
| Policy | Setting |
|---|
| Automatically detect configuration settings | Disabled |
| Automatic Browser Configuration | Not configured |
|