忽略或替换域组策略 Overwrite/Override Domain group policy
Tags: /计算机文档/Windows应用技巧/
Date Created:
组策略是Windows的一个安全工具,IT管理员或网络管理员可以利用组策略管理大量的机器。
如果机器加入了域(Domain), 那么 域控制器(DC, Domain Controller)通过AD(Active Directory)可以下发域组策略给所有域内计算机,十分方便。
正常情况下,域策略优先级高于本地策略,否则无法通过服务器管控客户端电脑了。
Windows 组策略的优先级 OU Policy > Domain Policy > Site Policy > Local Group Policy(Machine) > Local Group Policy (User)。
默认情况下,组策略每90分钟更新一次,即会用域组策略覆盖掉本地的组策略涉资。
所以我们本地机器无论怎么改组策略,只要域组策略有同样的设置,都会覆盖掉我们本地的修改,本地修改就不起作用了。
由于组策略一般都是添加限制的,所以对于普通用户来说,就十分不方便了。想要绕过、忽略、替换域组策略的限制,有一些技术手段可以实现。
一个合法手段可以绕过域组策略就是使用 ntuser.man ,即强制用户配置文件,具体请自行搜索。其原理是在 %userprofile% 目录下放置一个处理过的 ntuser.dat ,然后保存为 ntuser.man 来实现的。Windows 登录的时候会优先加载 ntuser.man 文件,如果不存在才会加载 ntuser.dat。但这样做的缺点就是你的任何修改无法保存。这本来就是为了学校、网吧等需要恢复配置的情况使用的。
今天要讨论的是另外一个技术手段,人人都可以实现,等于是破解了域组策略的安全限制,算是安全漏洞。
1. 首先运行 gpresult /v > group_policy.txt 命令,通过这个命令收集域组策略有哪些限制设置。你也可以运行 rsop.msc 来查看组策略最终生效的结果集。
2. 从group_policy.txt中,找到对应的限制条目,例如以远程桌面剪切板限制为例,其对应的条目是:SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip ,我们新建一个批处理group_policy_update.bat,批处理里面修改掉对应的注册表,例如:
@REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fDisableClip /t REG_DWORD /d 0 /f上述即可强制远程桌面启用远程剪切板粘贴功能。需要注意的是,需要管理员权限,大部分的注册表和Polices相关的条目,时不允许users用户修改的,非管理员可以先考虑提权。
3. 新建一个触发器为On an event(发生事件时)的计划任务,日志设置为:Microsoft-Windows-GroupPolicy/Operational,源设置为:GroupPolicy,事件ID设置为 5016(应用组策略故障排除指南 - Windows Server | Microsoft Learn),操作就设置为运行我们的 group_policy_update.bat 。同样如果是管理员,可以设置程序运行的账户为SYSTEM,如果非普通用户就以自己的账户运行即可。如果是HKLM的限制,需要管理员权限,如果是HKCU的限制,可以用普通账户运行。如下图:
问题产生的可能原因:
gpupdate的过程:
1. 连接AD服务器
2. 获取组策略列表和本地组策略,产生 1500 Event ID
3. 处理本地组策略到结果列表
4. 对于获取到的域组策略列表,循环处理:
产生4106 Event ID通知系统
处理当前域组策略到结果列表
写入结果到注册表
产生5106 Event ID通知系统
5. 发送系统广播通知组策略更新,其他应用程序可以读取注册跟刷新内部缓存
6. 产生1502和1503,8004 Event ID,完成组策略更新
Windows事件查看器中,我们可以看到1502和1503的事件ID,其他组策略相关的Event ID在事件查看其中并不会记录,但我们仍然可以触发。
对于某些程序,安全策略没有要求那么高的,他们并不会实时更新组策略,而是程序启动或者运行的时候才会去读取,所以我们设置 1502,1503,8004等触发事件 ID,一样能生效。
但是对于一些系统级别安全较高的程序,如远程桌面服务,我们需要设置5106 事件来触发,否则注册表的写入可能不会生效!
当我们用上述的方式,截胡修改注册表的值之后,当组策略更新程序发送系统广播的时候,我们写入的值会被其他程序读取走,就突破了组策略的限制,但是当我们使用rsop或者gpresult 等工具输出组策略的时候,你会发现,生成的报告中,仍然是原域组策略的相关设置,完美欺骗了系统。
附组策略结果 group_policy.txt 样本:
Microsoft (R) Windows (R) 操作系统组策略结果工具 v2.0
? Microsoft Corporation。保留所有权利。
在 ?2024-?04-?21 上的 11:14:30 中创建
DEMO\Bill 的 RSOP 数据,位于 MS-Bill 上: 登录模式
-----------------------------------------------------------
OS 配置: 成员工作站
OS 版本: 10.0.19045
站点名称: Default-First-Site-Name
漫游配置文件: 暂缺
本地配置文件: C:\Users\Bill
使用慢速链接?: 否
计算机设置
-----------
CN=MS-Bill,OU=Computer,OU=XX,OU=Employees,DC=DEMO,DC=com
上一次应用组策略的时间: 于 2024-04-21,10:31:07
应用的组策略来源于: DEMO-IT-FKMS.DEMO.com
组策略慢速链接阈值: 500 kbps
域名: DEMO
域类型: Windows 2008 或更高版本
已应用的组策略对象
-------------------
security Policy
禁用USB
DEMO屏保
禁止文件共享
删除本地管理员权限
Disable_Administrator
禁止蓝牙
Default Domain Policy
禁止程序
本地组策略
此计算机是下列安全组的一部分
----------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
MS-Bill$
Domain Computers
身份验证机构声明的标识
System Mandatory Level
计算机的策略的结果集
---------------------
软件安装
--------
暂缺
启动脚本
--------
GPO: Disable_Administrator
名称: disable_administrator.bat
参数:
上一次执行日期: 尚未运行此脚本。
GPO: DEMO屏保
名称: Screen.bat
参数:
上一次执行日期: 尚未运行此脚本。
GPO: 禁止文件共享
名称: DenyShare.bat
参数:
上一次执行日期: 尚未运行此脚本。
关机脚本
--------
暂缺
帐户策略
--------
GPO: security Policy
策略: LockoutDuration
计算机设置: 4294967295
GPO: security Policy
策略: MaximumPasswordAge
计算机设置: 90
GPO: security Policy
策略: MinimumPasswordAge
计算机设置: 2
GPO: security Policy
策略: ResetLockoutCount
计算机设置: 10
GPO: security Policy
策略: LockoutBadCount
计算机设置: 4
GPO: security Policy
策略: PasswordHistorySize
计算机设置: 10
GPO: security Policy
策略: MinimumPasswordLength
计算机设置: 8
审核策略
--------
GPO: security Policy
策略: AuditPolicyChange
计算机设置: Success, Failure
GPO: security Policy
策略: AuditAccountManage
计算机设置: Success, Failure
GPO: security Policy
策略: AuditObjectAccess
计算机设置: Success, Failure
GPO: security Policy
策略: AuditDSAccess
计算机设置: Success, Failure
GPO: security Policy
策略: AuditPrivilegeUse
计算机设置: Success, Failure
GPO: security Policy
策略: AuditProcessTracking
计算机设置: Success, Failure
GPO: security Policy
策略: AuditAccountLogon
计算机设置: Success, Failure
GPO: security Policy
策略: AuditLogonEvents
计算机设置: Success, Failure
GPO: security Policy
策略: AuditSystemEvents
计算机设置: Success, Failure
用户权限
--------
GPO: Disable_Administrator
策略: DenyRemoteInteractiveLogonRight
计算机设置: Administrator
安全选项
--------
GPO: security Policy
策略: PasswordComplexity
计算机设置: 已启用
GPO: Default Domain Policy
策略: ClearTextPassword
计算机设置: 没有启用
GPO: Default Domain Policy
策略: ForceLogoffWhenHourExpire
计算机设置: 没有启用
GPO: Disable_Administrator
策略: EnableGuestAccount
计算机设置: 没有启用
GPO: Default Domain Policy
策略: RequireLogonToChangePassword
计算机设置: 没有启用
GPO: Default Domain Policy
策略: LSAAnonymousNameLookup
计算机设置: 没有启用
GPO: Disable_Administrator
策略: EnableAdminAccount
计算机设置: 没有启用
GPO: security Policy
策略: @wsecedit.dll,-59017
值名: MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
计算机设置: 30
GPO: Default Domain Policy
策略: @wsecedit.dll,-59058
值名: MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
计算机设置: 1
GPO: security Policy
策略: @wsecedit.dll,-59023
值名: MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
计算机设置: 1
GPO: Disable_Administrator
策略: @wsecedit.dll,-59039
值名: MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
计算机设置: 1
GPO: security Policy
策略: @wsecedit.dll,-59079
值名: MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
计算机设置: 1
GPO: security Policy
策略: @wsecedit.dll,-59046
值名: MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
计算机设置: 1
GPO: security Policy
策略: @wsecedit.dll,-59031
值名: MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
计算机设置: 4
事件日志设置
------------
暂缺
受限制的组
----------
暂缺
系统服务
--------
GPO: 禁止蓝牙
服务名: bthserv
启动: 已禁用
GPO: security Policy
服务名: W32Time
启动: 自动
注册表设置
----------
暂缺
文件系统设置
------------
暂缺
公钥策略
--------
暂缺
管理模板
--------
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions
值: 4, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableAudioCapture
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Write
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallSecondWeek
状态: 已禁用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1\ACSettingIndex
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCameraRedir
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DODownloadMode
值: 100, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Biometrics\Enabled
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0\ACSettingIndex
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config\AutoConnectAllowedOEM
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCpm
值: 1, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-SMB-In-TCP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 52, 0, 52, 0, 53, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 49, 0, 49, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 49, 0, 52, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\EveryNetwork\NameReadOnly
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-NB_Session-In-TCP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 57, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 51, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 54, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936\ACSettingIndex
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{0AD681BA-D04E-4D42-B9DD-F3718BBF017D}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 55, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 57, 0, 48, 0, 48, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 85, 0, 68, 0, 80, 0, 95, 0, 49, 0, 57, 0, 48, 0, 48, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallFourthWeek
状态: 已禁用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections
值: 0, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Personalization\NoLockScreenCamera
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\PolicyVersion
值: 22, 2, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallTime
值: 12, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallThirdWeek
状态: 已禁用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex
值: 132, 3, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2\DCSettingIndex
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\DetectionFrequency
值: 22, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{C146D527-4308-4D7F-8C3B-018B48D43643}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 53, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 84, 0, 67, 0, 80, 0, 95, 0, 49, 0, 51, 0, 53, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AutomaticMaintenanceEnabled
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\SetDisablePauseUXAccess
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT
值: 1, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCloudSearch
状态: 已禁用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-RPCSS-In-TCP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 82, 0, 80, 0, 67, 0, 45, 0, 69, 0, 80, 0, 77, 0, 97, 0, 112, 0, 124, 0, 83, 0, 118, 0, 99, 0, 61, 0, 82, 0, 112, 0, 99, 0, 115, 0, 115, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 51, 0, 57, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 50, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\Enabled
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-ICMP6-ERQ-In
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 53, 0, 56, 0, 124, 0, 73, 0, 67, 0, 77, 0, 80, 0, 54, 0, 61, 0, 49, 0, 50, 0, 56, 0, 58, 0, 42, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 53, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 55, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\DetectionFrequencyEnabled
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\Deny_All
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallEveryWeek
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\ACSettingIndex
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-LLMNR-In-UDP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 55, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 53, 0, 51, 0, 53, 0, 53, 0, 124, 0, 82, 0, 65, 0, 52, 0, 61, 0, 76, 0, 111, 0, 99, 0, 97, 0, 108, 0, 83, 0, 117, 0, 98, 0, 110, 0, 101, 0, 116, 0, 124, 0, 82, 0, 65, 0, 54, 0, 61, 0, 76, 0, 111, 0, 99, 0, 97, 0, 108, 0, 83, 0, 117, 0, 98, 0, 110, 0, 101, 0, 116, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 37, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 82, 0, 111, 0, 111, 0, 116, 0, 37, 0, 92, 0, 115, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 51, 0, 50, 0, 92, 0, 115, 0, 118, 0, 99, 0, 104, 0, 111, 0, 115, 0, 116, 0, 46, 0, 101, 0, 120, 0, 101, 0, 124, 0, 83, 0, 118, 0, 99, 0, 61, 0, 100, 0, 110, 0, 115, 0, 99, 0, 97, 0, 99, 0, 104, 0, 101, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 56, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 57, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\AllowMUUpdateService
状态: 已禁用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime
值: 192, 39, 9, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop\RemoteAddresses
值: 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortana
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-NB_Name-In-UDP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 55, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 55, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 49, 0, 57, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 50, 0, 50, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCam
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Read
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{793E346D-1EC5-4B8C-8F31-A8F034F5D485}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 57, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 84, 0, 67, 0, 80, 0, 95, 0, 49, 0, 51, 0, 57, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\RemoteAddresses
值: 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\Enabled
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallDay
值: 4, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop\Enabled
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0A00000000F0000F02024721B86F0991E4255BB0596119BE0EAAEAA2241B8B47E0FA10470EB6C13E7\NameReadOnly
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel
值: 3, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{61437400-0507-46B0-BCF3-BF58AEE88212}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 55, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 55, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 85, 0, 68, 0, 80, 0, 95, 0, 49, 0, 51, 0, 55, 0, 124, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{B46EAB09-0FD1-457C-867E-93D1B9FF55FE}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 56, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 85, 0, 68, 0, 80, 0, 95, 0, 49, 0, 51, 0, 56, 0, 124, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936\DCSettingIndex
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ScheduledInstallFirstWeek
状态: 已禁用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Personalization\LockScreenImage
值: 67, 0, 58, 0, 92, 0, 83, 0, 99, 0, 114, 0, 101, 0, 101, 0, 110, 0, 95, 0, 112, 0, 105, 0, 99, 0, 116, 0, 117, 0, 114, 0, 101, 0, 92, 0, 52, 0, 46, 0, 106, 0, 112, 0, 103, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\EveryNetwork\CategoryReadOnly
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex
值: 132, 3, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Execute
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
值: 181, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-SpoolSvc-In-TCP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 82, 0, 80, 0, 67, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 37, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 82, 0, 111, 0, 111, 0, 116, 0, 37, 0, 92, 0, 115, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 51, 0, 50, 0, 92, 0, 115, 0, 112, 0, 111, 0, 111, 0, 108, 0, 115, 0, 118, 0, 46, 0, 101, 0, 120, 0, 101, 0, 124, 0, 83, 0, 118, 0, 99, 0, 61, 0, 83, 0, 112, 0, 111, 0, 111, 0, 108, 0, 101, 0, 114, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 51, 0, 53, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 51, 0, 56, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\{30996F98-9A99-43D1-818F-33E106CD3057}
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 54, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 52, 0, 52, 0, 53, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 84, 0, 67, 0, 80, 0, 95, 0, 52, 0, 52, 0, 53, 0, 124, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-NB_Datagram-In-UDP
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 55, 0, 124, 0, 76, 0, 80, 0, 111, 0, 114, 0, 116, 0, 61, 0, 49, 0, 51, 0, 56, 0, 124, 0, 65, 0, 112, 0, 112, 0, 61, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 50, 0, 55, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 51, 0, 48, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\FPS-ICMP4-ERQ-In
值: 118, 0, 50, 0, 46, 0, 49, 0, 48, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 111, 0, 110, 0, 61, 0, 66, 0, 108, 0, 111, 0, 99, 0, 107, 0, 124, 0, 65, 0, 99, 0, 116, 0, 105, 0, 118, 0, 101, 0, 61, 0, 84, 0, 82, 0, 85, 0, 69, 0, 124, 0, 68, 0, 105, 0, 114, 0, 61, 0, 73, 0, 110, 0, 124, 0, 80, 0, 114, 0, 111, 0, 116, 0, 111, 0, 99, 0, 111, 0, 108, 0, 61, 0, 49, 0, 124, 0, 73, 0, 67, 0, 77, 0, 80, 0, 52, 0, 61, 0, 56, 0, 58, 0, 42, 0, 124, 0, 78, 0, 97, 0, 109, 0, 101, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 51, 0, 124, 0, 68, 0, 101, 0, 115, 0, 99, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 52, 0, 55, 0, 124, 0, 69, 0, 109, 0, 98, 0, 101, 0, 100, 0, 67, 0, 116, 0, 120, 0, 116, 0, 61, 0, 64, 0, 70, 0, 105, 0, 114, 0, 101, 0, 119, 0, 97, 0, 108, 0, 108, 0, 65, 0, 80, 0, 73, 0, 46, 0, 100, 0, 108, 0, 108, 0, 44, 0, 45, 0, 50, 0, 56, 0, 53, 0, 48, 0, 50, 0, 124, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Personalization\LockScreenOverlaysDisabled
值: 1, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\Domain Accounts
值: 1, 0, 0, 0
状态: 已启用
GPO: Default Domain Policy
文件夹 Id: Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI
值: 0, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir
值: 1, 0, 0, 0
状态: 已启用
用户设置
---------
CN=Bill,OU=XX,OU=Employees,DC=DEMO,DC=com
上一次应用组策略的时间: 于 2024-04-21,9:27:03
应用的组策略来源于: DEMO-IT-FKMS.DEMO.com
组策略慢速链接阈值: 500 kbps
域名: DEMO
域类型: Windows 2008 或更高版本
已应用的组策略对象
-------------------
security Policy
禁用USB
DEMO屏保
禁止文件共享
Disable_Administrator
Default Domain Policy
禁止程序
本地组策略
用户是下列安全组的一部分
------------------------
Domain Users
Everyone
Performance Log Users
Remote Desktop Users
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
身份验证机构声明的标识
High Mandatory Level
用户有下列安全特权
------------------
绕过遍历检查
管理审核和安全日志
备份文件和目录
还原文件和目录
更改系统时间
关闭系统
从远程系统强制关机
取得文件或其他对象的所有权
调试程序
修改固件环境值
配置文件系统性能
配置文件单一进程
提高计划优先级
加载和卸载设备驱动程序
创建一个页面文件
为进程调整内存配额
从扩展坞上取下计算机
执行卷维护任务
身份验证后模拟客户端
创建全局对象
更改时区
创建符号链接
获取同一会话中另一个用户的模拟令牌
增加进程工作集
用户的策略的结果集
-------------------
软件安装
--------
暂缺
登录脚本
--------
注销脚本
--------
公钥策略
--------
暂缺
管理模板
--------
GPO: 禁止文件共享
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInplaceSharing
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6
值: 78, 0, 101, 0, 116, 0, 99, 0, 104, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁止文件共享
文件夹 Id: Software\Policies\Microsoft\Windows NT\SharedFolders\PublishSharedFolders
值: 0, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Write
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8
值: 86, 0, 50, 0, 82, 0, 97, 0, 121, 0, 87, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4
值: 86, 0, 50, 0, 114, 0, 97, 0, 121, 0, 83, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE
值: 67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 51, 0, 50, 0, 92, 0, 80, 0, 104, 0, 111, 0, 116, 0, 111, 0, 83, 0, 99, 0, 114, 0, 101, 0, 101, 0, 110, 0, 115, 0, 97, 0, 118, 0, 101, 0, 114, 0, 46, 0, 115, 0, 99, 0, 114, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
值: 51, 0, 48, 0, 48, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
值: 1, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
值: 49, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Write
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\Deny_All
值: 1, 0, 0, 0
状态: 已启用
GPO: 本地组策略
文件夹 Id: SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Read
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5
值: 113, 0, 118, 0, 50, 0, 114, 0, 97, 0, 121, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Read
值: 1, 0, 0, 0
状态: 已启用
GPO: security Policy
文件夹 Id: Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume
值: 1, 0, 0, 0
状态: 已启用
GPO: DEMO屏保
文件夹 Id: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive
值: 49, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Write
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Write
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Read
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7
值: 67, 0, 108, 0, 97, 0, 115, 0, 104, 0, 32, 0, 102, 0, 111, 0, 114, 0, 32, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1
值: 110, 0, 97, 0, 118, 0, 105, 0, 99, 0, 97, 0, 116, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2
值: 118, 0, 50, 0, 114, 0, 97, 0, 121, 0, 78, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁用USB
文件夹 Id: Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}\Deny_Read
值: 1, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3
值: 87, 0, 105, 0, 110, 0, 88, 0, 114, 0, 97, 0, 121, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
GPO: 禁止程序
文件夹 Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9
值: 67, 0, 108, 0, 97, 0, 115, 0, 104, 0, 32, 0, 86, 0, 101, 0, 114, 0, 103, 0, 101, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
状态: 已启用
文件夹重定向
------------
暂缺
Internet Explorer 浏览器用户界面
--------------------------------
暂缺
Internet Explorer 连接
----------------------
暂缺
Internet Explorer URL
---------------------
暂缺
Internet Explorer 安全
----------------------
暂缺
Internet Explorer 程序
----------------------
暂缺