Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
Group Policy Results
ADS\user on ADS\computer
Data collected on: 10/08/2007 9:48:44 AM
Summary
Computer Configuration Summary
General
Computer nameADS\computer
Domainads.uwaterloo.ca
SiteDefault-First-Site-Name
Last time Group Policy was processed10/08/2007 8:23:03 AM
Group Policy Objects
Applied GPOs
NameLink LocationRevision
Local Group PolicyLocalAD (2), Sysvol (2)
Rename Administrator and Guest accountsads.uwaterloo.caAD (4), Sysvol (4)
Default Domain Policyads.uwaterloo.caAD (23), Sysvol (23)
Supplement Domain Policyads.uwaterloo.caAD (69), Sysvol (69)
Adobe 7.0 Patchads.uwaterloo.ca/Academic SupportAD (2), Sysvol (2)
SAV 10.0.1001 patchads.uwaterloo.ca/Academic SupportAD (4), Sysvol (4)
Academic Support SUSads.uwaterloo.ca/Academic SupportAD (56), Sysvol (56)
Academic Support Securityads.uwaterloo.ca/Academic SupportAD (19), Sysvol (19)
Academic Support Login Scriptads.uwaterloo.ca/Academic SupportAD (2), Sysvol (2)
Academic Support Software Distributionads.uwaterloo.ca/Academic Support/Department/ComputersAD (251), Sysvol (251)
Domain No Overrideads.uwaterloo.caAD (58), Sysvol (58)
Denied GPOs
NameLink LocationReason Denied
Academic Support Folder Redirectionads.uwaterloo.ca/Academic SupportDisabled GPO
Department Login Scriptads.uwaterloo.ca/Academic Support/DepartmentDisabled GPO
Security Group Membership when Group Policy was applied
BUILTIN\Administrators
Everyone
computer\Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
ADS\computer$
ADS\Office 2007
ADS\Domain Computers
ADS\Standard Applications
ADS\AppsRD
WMI Filters
NameValueReference GPO(s)
None
Component Status
Component NameStatusLast Process Time
Group Policy InfrastructureSuccess10/08/2007 8:23:04 AM
QoS Packet SchedulerSuccess (no data)26/07/2007 2:12:55 PM
RegistrySuccess26/07/2007 2:12:55 PM
ScriptsSuccess26/07/2007 2:12:55 PM
SecuritySuccess26/07/2007 2:13:01 PM
Software InstallationSuccess27/07/2007 10:16:22 AM
User Configuration Summary
General
User nameADS\user
Domainads.uwaterloo.ca
Last time Group Policy was processed10/08/2007 8:26:42 AM
Group Policy Objects
Applied GPOs
NameLink LocationRevision
Local Group PolicyLocalAD (1), Sysvol (1)
Supplement Domain Policyads.uwaterloo.caAD (9), Sysvol (9)
Academic Support Securityads.uwaterloo.ca/Academic SupportAD (1), Sysvol (1)
Academic Support Login Scriptads.uwaterloo.ca/Academic SupportAD (7), Sysvol (7)
Academic Support Folder Redirectionads.uwaterloo.ca/Academic SupportAD (77), Sysvol (77)
Department Login Scriptads.uwaterloo.ca/Academic Support/DepartmentAD (3), Sysvol (3)
Denied GPOs
NameLink LocationReason Denied
Rename Administrator and Guest accountsads.uwaterloo.caDisabled GPO
Default Domain Policyads.uwaterloo.caEmpty
Domain No Overrideads.uwaterloo.caDisabled GPO
Adobe 7.0 Patchads.uwaterloo.ca/Academic SupportDisabled GPO
SAV 10.0.1001 patchads.uwaterloo.ca/Academic SupportDisabled GPO
Academic Support SUSads.uwaterloo.ca/Academic SupportDisabled GPO
Security Group Membership when Group Policy was applied
ADS\Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Power Users
BUILTIN\Remote Desktop Users
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
ADS\ath-tableclub
ADS\ath-curlclub
ADS\ath-Coop
ADS\UWdir-employed
ADS\ath-rowclub
ADS\ath-CRstaff
ADS\UWdir-HR-staff
ADS\ath-IPOS
ADS\ath-ultclub
ADS\telMB-A5120
ADS\ath-Web-CoreSiteAuthors
ADS\ath-kendclub
ADS\ath-skiclub
ADS\ath-sailclub
ADS\ath-juggclub
ADS\ath-badmclub
ADS\ath-fencclub
ADS\ath-ChangeOver
ADS\ath-archclub
ADS\UWdir-HR-employee
ADS\UWdir-active
ADS\ath-outclub
ADS\uw-department
ADS\ath-martclub
ADS\AppsRD
WMI Filters
NameValueReference GPO(s)
None
Component Status
Component NameStatusLast Process Time
Group Policy InfrastructureSuccess10/08/2007 8:27:03 AM
Folder RedirectionSuccess10/08/2007 8:27:02 AM
Internet Explorer BrandingSuccess10/08/2007 8:27:03 AM
RegistrySuccess10/08/2007 8:26:42 AM
ScriptsSuccess10/08/2007 8:27:02 AM
Computer Configuration
Software Settings
Installed Applications
Adobe Flash Player 9 ActiveX (2)
Winning GPOAcademic Support Software Distribution
Product Information
NameAdobe Flash Player 9 ActiveX (2)
Version9.0
LanguageEnglish (United States)
PlatformIntel
Support URLhttp://www.adobe.com/go/flashplayer_support/
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\Flash Player\Flash Player 9.0.47.0\install_flash_player_active_x.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{786547f9-59bb-4fa3-b2d8-327ff1f14870}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Domain AdminsFull controlNo
AllowADS\Domain AdminsRead, WriteNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\SYSTEMRead, WriteNo
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
Adobe Flash Player 9 ActiveXAcademic Support Software Distribution
Packages that will upgrade this packageGPO
None

Transforms
None
Cause
This application was applied due to the following conditions:
The application was installed as the result of a forced upgrade.
Its language was English.
Adobe Reader 8
Winning GPOAcademic Support Software Distribution
Product Information
NameAdobe Reader 8
Version8.0
LanguageEnglish (United States)
PlatformIntel
Support URLhttp://www.adobe.com/support/main.html
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\Acrobat Reader\Adobe Acrobat Reader 8.0\acroread.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{ac76ba86-7ad7-1033-7b44-a80000000002}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
Adobe Reader 7.0Academic Support Software Distribution
Packages that will upgrade this packageGPO
None

Transforms
\\uwfile\apps$\StandardApps\Acrobat Reader\Adobe Acrobat Reader 8.0\acroread.mst
Cause
This application was applied due to the following conditions:
The application was installed as the result of a forced upgrade.
Its language was English.
Microsoft Office Professional Plus 2007
Winning GPOAcademic Support Software Distribution
Product Information
NameMicrosoft Office Professional Plus 2007
Version12.0
Language
PlatformIntel
Support URL
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\Office2007\ProPlus.WW\ProPlusWW.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{90120000-0011-0000-0000-0000000ff1ce}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Office 2007ReadNo
AllowADS\Domain AdminsFull controlNo
AllowADS\Domain AdminsRead, WriteNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\SYSTEMRead, WriteNo
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
Microsoft Office XP Professional (3)Academic Support Software Distribution
Compatibility Pack for the 2007 Office systemAcademic Support Software Distribution
Packages that will upgrade this packageGPO
None

Transforms
None
Cause
This application was applied due to the following conditions:
The application was installed as the result of a forced upgrade.
It was language neutral.
Microsoft Windows 2000 Professional Resource Kit
Winning GPOAcademic Support Software Distribution
Product Information
NameMicrosoft Windows 2000 Professional Resource Kit
Version5.0
LanguageEnglish (United States)
PlatformUnknown Processor
Support URL
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\W2K Pro ResKit\w2000rkpro.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{5037210e-66f6-4d7e-9b44-8724970498ff}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Domain AdminsFull controlNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\Authenticated UsersReadNo
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
None
Packages that will upgrade this packageGPO
None

Transforms
None
Cause
This application was applied due to the following conditions:
The application was assigned.
Its language was English.
Oracle Calendar 10.1.2
Winning GPOAcademic Support Software Distribution
Product Information
NameOracle Calendar 10.1.2
Version10.1
Language
PlatformIntel
Support URLhttp://www.oracle.com
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\Oracle Calendar\Oracle Calendar 10.1.2\bookit.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{4da016c7-9ac2-4ba7-ad31-3eba29bc21b1}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Domain AdminsFull controlNo
AllowADS\Domain AdminsRead, WriteNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\SYSTEMRead, WriteNo
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
Oracle Calendar 9.0.4Academic Support Software Distribution
Packages that will upgrade this packageGPO
None

Transforms
\\uwfile\apps$\StandardApps\Oracle Calendar\Oracle Calendar 10.1.2\bookit.mst
Cause
This application was applied due to the following conditions:
The application was installed as the result of a forced upgrade.
It was language neutral.
Oracle Connector For Outlook 10.1.2
Winning GPOAcademic Support Software Distribution
Product Information
NameOracle Connector For Outlook 10.1.2
Version3.6
Language
PlatformIntel
Support URL
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\Oracle Calendar\Oracle Calendar 10.1.2\con_outlook.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{0af6c5a4-e29b-4d1e-b6ff-d73f4fbb44da}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowADS\Domain AdminsFull controlNo
AllowADS\Domain AdminsRead, WriteNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\SYSTEMRead, WriteNo
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
Oracle ConnectorAcademic Support Software Distribution
Packages that will upgrade this packageGPO
None

Transforms
\\uwfile\apps$\StandardApps\Oracle Calendar\Oracle Calendar 10.1.2\UW-1033.mst
Cause
This application was applied due to the following conditions:
The application was installed as the result of a forced upgrade.
It was language neutral.
SSH Client 3.2.9
Winning GPOAcademic Support Software Distribution
Product Information
NameSSH Client 3.2.9
Version3.2
LanguageEnglish (United States)
PlatformIntel
Support URL
Deployment Information
GeneralSetting
Deployment typeAssigned
Deployment source\\uwfile\apps$\StandardApps\SSH\SSHClient3.2.9\SSH.msi
Uninstall this application when it falls out of the scope of managementDisabled

Advanced Deployment OptionsSetting
Ignore language when deploying this packageDisabled
Make this 32-bit X86 application available to Win64 machinesEnabled
Include OLE class and product informationDisabled

Diagnostic InformationSetting
Product code{b44e5ce5-71be-47c5-b449-511e9e579d9c}
Deployment Count0
Security
Permissions
TypeNamePermissionInherited
AllowNT AUTHORITY\Authenticated UsersReadNo
AllowADS\Domain AdminsFull controlNo
AllowADS\Domain AdminsRead, WriteNo
AllowNT AUTHORITY\SYSTEMFull controlNo
AllowNT AUTHORITY\SYSTEMRead, WriteNo
AllowADS\Domain AdminsRead, WriteYes
AllowCREATOR OWNERRead, WriteYes
AllowADS\Domain AdminsRead, WriteYes
AllowUWAD\Enterprise AdminsRead, WriteYes
AllowADS\Standard ApplicationsReadYes
AllowNT AUTHORITY\SYSTEMRead, WriteYes
Allow inheritable permissions from the parent to propagate to this object and all child objectsEnabled
Advanced
UpgradesSetting
Required upgrade for existing packagesEnabled
Packages that this package will upgradeGPO
None
Packages that will upgrade this packageGPO
None

Transforms
None
Cause
This application was applied due to the following conditions:
The application was assigned.
Its language was English.
Windows Settings
Scripts
Startup
NameParametersLast RunWinning GPO
\\uwfile\apps$\Processes\StartupScripts\Acrobat7_patch.vbs08/08/2007 5:02:23 AMAdobe 7.0 Patch
\\uwfile\apps$\Processes\StartupScripts\sav10.0.1001_patch.cmd08/08/2007 5:02:24 AMSAV 10.0.1001 patch
cpackfix.cmd08/08/2007 5:02:24 AMAcademic Support Login Script
Security Settings
Account Policies/Password Policy
PolicySettingWinning GPO
Enforce password history1 passwords rememberedDefault Domain Policy
Maximum password age0 daysDefault Domain Policy
Minimum password age0 daysDefault Domain Policy
Minimum password length7 charactersDomain No Override
Password must meet complexity requirementsEnabledDomain No Override
Store passwords using reversible encryptionDisabledDomain No Override
Account Policies/Account Lockout Policy
PolicySettingWinning GPO
Account lockout duration5 minutesSupplement Domain Policy
Account lockout threshold15 invalid logon attemptsSupplement Domain Policy
Reset account lockout counter after5 minutesSupplement Domain Policy
Local Policies/Audit Policy
PolicySettingWinning GPO
Audit account logon eventsSuccess, FailureDomain No Override
Audit account managementSuccess, FailureDomain No Override
Audit directory service accessFailureDomain No Override
Audit logon eventsFailureDomain No Override
Audit object accessFailureDomain No Override
Audit policy changeSuccess, FailureDomain No Override
Audit privilege useFailureDomain No Override
Audit system eventsFailureDomain No Override
Local Policies/User Rights Assignment
PolicySettingWinning GPO
Access this computer from the networkADS\Acsup-ComputerSupport, ADS\Domain Admins, ADS\Domain ComputersAcademic Support Security
Local Policies/Security Options
Accounts
PolicySettingWinning GPO
Accounts: Rename administrator accountISTadministratorRename Administrator and Guest accounts
Accounts: Rename guest accountISTguestRename Administrator and Guest accounts
Audit
PolicySettingWinning GPO
Audit: Audit the use of Backup and Restore privilegeEnabledSupplement Domain Policy
Devices
PolicySettingWinning GPO
Devices: Prevent users from installing printer driversDisabledSupplement Domain Policy
Devices: Restrict floppy access to locally logged-on user onlyEnabledSupplement Domain Policy
Devices: Unsigned driver installation behaviorSilently succeed Supplement Domain Policy
Interactive Logon
PolicySettingWinning GPO
Interactive logon: Message text for users attempting to log onThis computer system is restricted to authorized users. Individuals using this system without authority are in violation of the UW acceptable use policy and may be prosecuted under several sections of the Canadian Criminal Code.Supplement Domain Policy
Network Access
PolicySettingWinning GPO
Network access: Do not allow anonymous enumeration of SAM accounts and sharesEnabledAcademic Support Security
Network Security
PolicySettingWinning GPO
Network security: Force logoff when logon hours expireDisabledSupplement Domain Policy
Shutdown
PolicySettingWinning GPO
Shutdown: Clear virtual memory pagefileEnabledSupplement Domain Policy
Event Log
PolicySettingWinning GPO
Maximum application log size2048 kilobytesSupplement Domain Policy
Maximum security log size10240 kilobytesSupplement Domain Policy
Maximum system log size2048 kilobytesSupplement Domain Policy
Retention method for application logAs neededSupplement Domain Policy
Retention method for security logAs neededSupplement Domain Policy
Retention method for system logAs neededSupplement Domain Policy
File System
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\MAPISVC.INF
Winning GPOAcademic Support Software Distribution
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowNT AUTHORITY\Authenticated UsersRead and ExecuteThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\Power UsersFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersModifyThis folder and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSMAPI\1033\MAPISVC.INF
Winning GPOAcademic Support Software Distribution
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowNT AUTHORITY\Authenticated UsersRead and ExecuteThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\Power UsersFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersModifyThis folder and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\ADDINS\CSTMS.ECF
Winning GPOAcademic Support Software Distribution
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowNT AUTHORITY\Authenticated UsersRead and ExecuteThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\Power UsersFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersModifyThis folder and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
C:\PROGRAM FILES\ORACLE\OUTLOOK CONNECTOR\CTOC.INI
Winning GPOAcademic Support Software Distribution
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowNT AUTHORITY\Authenticated UsersRead and ExecuteThis folder, subfolders and files
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\Power UsersFull ControlThis folder, subfolders and files
AllowNT AUTHORITY\Authenticated UsersModifyThis folder and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Administrative Templates
Network/DNS Client
PolicySettingWinning GPO
Primary DNS SuffixEnabledSupplement Domain Policy
Enter a primary DNS suffix:ads.uwaterloo.ca
Network/Network Connections
PolicySettingWinning GPO
Prohibit use of Internet Connection Sharing on your DNS domain networkEnabledAcademic Support Security
Network/Network Connections/Windows Firewall/Domain Profile
PolicySettingWinning GPO
Windows Firewall: Allow local port exceptionsEnabledAcademic Support Security
Windows Firewall: Allow remote administration exceptionEnabledAcademic Support Security
Allow unsolicited incoming messages from:129.97.128.98,129.97.128.85,129.97.128.147,129.97.128.230
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySettingWinning GPO
Windows Firewall: Protect all network connectionsEnabledAcademic Support Security
Network/QoS Packet Scheduler
PolicySettingWinning GPO
Limit reservable bandwidthEnabledLocal Group Policy
Bandwidth limit (%): 0
Printers
PolicySettingWinning GPO
Allow printers to be publishedDisabledAcademic Support Security
Windows Components/Internet Explorer
PolicySettingWinning GPO
Disable Automatic Install of Internet Explorer componentsEnabledSupplement Domain Policy
Disable Periodic Check for Internet Explorer software updatesEnabledSupplement Domain Policy
Disable software update shell notifications on program launchEnabledSupplement Domain Policy
Windows Components/Windows Installer
PolicySettingWinning GPO
LoggingEnabledSupplement Domain Policy
Loggingiweapcmo
To activate logging, enter one or more of the modes below.
"iwearucmpvo" will log everything but adds time to the install.
i - Status messages
w - Non-fatal warnings
e - All error messages
a - Start up of actions
r - Action-specific records
u - User requests
c - Initial UI parameters
m - Out-of-memory
p - Terminal properties
v - Verbose output
o - Out of disk space messages
Windows Components/Windows Update
PolicySettingWinning GPO
Configure Automatic UpdatesEnabledAcademic Support SUS
Configure automatic updating:4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day: 0 - Every day
Scheduled install time:05:00
PolicySettingWinning GPO
Enable client-side targetingEnabledAcademic Support SUS
Target group name for this computerGeneral
PolicySettingWinning GPO
No auto-restart for scheduled Automatic Updates installationsEnabledAcademic Support SUS
Reschedule Automatic Updates scheduled installationsEnabledAcademic Support SUS
Wait after system
startup (minutes): 5
PolicySettingWinning GPO
Specify intranet Microsoft update service locationEnabledAcademic Support SUS
Set the intranet update service for detecting updates:http://wsus.uwaterloo.ca
Set the intranet statistics server:http://wsus.uwaterloo.ca
(example: http://IntranetUpd01)
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

SettingStateWinning GPO
Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\Enabled1Academic Support Security
Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\2967:TCP:129.97.128.147:enabled:Symantec Service Console on Hickory (TCP)2967:TCP:129.97.128.147:enabled:Symantec Service Console on Hickory (TCP)Academic Support Security
Software\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\2967:UDP:129.97.128.147:enabled:Symantec Service Console on Hickory2967:UDP:129.97.128.147:enabled:Symantec Service Console on HickoryAcademic Support Security
User Configuration
Windows Settings
Scripts
Logon
NameParametersLast RunWinning GPO
acsup.bat10/08/2007 8:27:03 AMAcademic Support Login Script
Department.bat10/08/2007 8:27:03 AMDepartment Login Script
Security Settings
Public Key Policies/Autoenrollment Settings
PolicySettingWinning GPO
Enroll certificates automaticallyEnabled[Default setting]
Renew expired certificates, update pending certificates, and remove revoked certificatesDisabled
Update certificates that use certificate templatesDisabled
Folder Redirection
My Documents
Winning GPOAcademic Support Folder Redirection
Setting: Advanced (Specify locations for various user groups)
GroupPath
ADS\uw-department\\jam\deptus$\user
Options
Grant user exclusive rights to My DocumentsDisabled
Move the contents of My Documents to the new locationDisabled
Policy Removal BehaviorLeave contents
My Pictures
Winning GPOAcademic Support Folder Redirection
Setting: Advanced (Specify locations for various user groups)
GroupPath
ADS\uw-department\\jam\deptus$\user\My Pictures
Options
Grant user exclusive rights to My PicturesDisabled
Move the contents of My Pictures to the new locationDisabled
Policy Removal BehaviorLeave contents
Administrative Templates
Start Menu and Taskbar
PolicySettingWinning GPO
Add Logoff to the Start MenuEnabledSupplement Domain Policy
Remove links and access to Windows UpdateEnabledAcademic Support Security
Turn off personalized menusEnabledSupplement Domain Policy
System/User Profiles
PolicySettingWinning GPO
Exclude directories in roaming profileEnabledAcademic Support Folder Redirection
Prevent the following directories from roaming with the profile:Local Settings;Temporary Internet Files;History;Temp;Application Data\Macromedia
You can enter multiple directory names, semi-colon separated,
all relative to the root of the user's profile
PolicySettingWinning GPO
Limit profile sizeEnabledAcademic Support Folder Redirection
Custom MessageYou have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
Max Profile size (KB)50000
Include registry in file list 
Notify user when profile storage space is exceeded.Disabled
Remind user every X minutes:15
Windows Components/Windows Explorer
PolicySettingWinning GPO
Remove Shared Documents from My ComputerEnabledLocal Group Policy
Ä% . y Ä ) r r j o