Tips-Of-Mine/PAW
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
PAW/GPO Backup/{7C6FC4CB-65C0-4A96-936D-9A62801368CE}/gpreport.xml
hcornet a4fa9cb5ab update
2023-11-29 17:01:08 +01:00

1152 lines
109 KiB
XML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="utf-16"?>
<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
<Identifier>
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{4CC70DA5-BB28-4651-8394-F719F99FD7B9}</Identifier>
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">azureblog.pl</Domain>
</Identifier>
<Name>Tier1 PAW Configuration - Computer</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2020-05-23T17:58:47</CreatedTime>
<ModifiedTime>2020-05-23T18:01:54</ModifiedTime>
<ReadTime>2020-05-23T19:06:04.5269829Z</ReadTime>
<SecurityDescriptor>
<SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-657827913-1895599540-1755036276-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
<Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Domain Admins</Name>
</Owner>
<Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Domain Admins</Name>
</Group>
<PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
<Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<InheritsFromParent>false</InheritsFromParent>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Domain Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-519</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Enterprise Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
</Permissions>
<AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
</SecurityDescriptor>
<FilterDataAvailable>true</FilterDataAvailable>
<Computer>
<VersionDirectory>2</VersionDirectory>
<VersionSysvol>2</VersionSysvol>
<Enabled>true</Enabled>
<ExtensionData>
<Extension xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Lugs" xsi:type="q1:LugsSettings">
<q1:LocalUsersAndGroups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}">
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Administrators (built-in)" image="2" changed="2020-05-03 10:24:35" uid="{69D13DA4-35EF-4306-B21B-8945B0B074FB}" userContext="0" removePolicy="0">
<q1:GPOSettingOrder>1</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-544" groupName="Administrators (built-in)">
<q1:Members>
<q1:Member name="Administrator" action="ADD" sid="" />
<q1:Member name="AZUREBLOG\Tier1 PAW Maintenance" action="ADD" sid="S-1-5-21-657827913-1895599540-1755036276-2604" />
</q1:Members>
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Backup Operators (built-in)" image="2" changed="2020-05-02 19:51:51" uid="{8EF6A831-772A-44E7-8C06-F989A132A915}">
<q1:GPOSettingOrder>2</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-551" groupName="Backup Operators (built-in)">
<q1:Members />
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Cryptographic Operators (built-in)" image="2" changed="2020-05-02 19:52:09" uid="{8921DB1D-B0EA-47C0-939A-DE8EC751F0A6}">
<q1:GPOSettingOrder>3</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-569" groupName="Cryptographic Operators (built-in)">
<q1:Members />
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Network Configuration Operators (built-in)" image="2" changed="2020-05-02 19:52:31" uid="{C0487B91-76A7-46E0-A1AE-E98C0E3A4DB3}">
<q1:GPOSettingOrder>4</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-556" groupName="Network Configuration Operators (built-in)">
<q1:Members />
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Power Users (built-in)" image="2" changed="2020-05-02 19:52:40" uid="{641914FE-D604-44BE-9D86-937EE0A21B0C}">
<q1:GPOSettingOrder>5</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-547" groupName="Power Users (built-in)">
<q1:Members />
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Remote Desktop Users (built-in)" image="2" changed="2020-05-03 17:55:32" uid="{6AD9FE21-6AEE-441D-9BDF-1B5CD8632002}">
<q1:GPOSettingOrder>6</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-555" groupName="Remote Desktop Users (built-in)">
<q1:Members>
<q1:Member name="AZUREBLOG\Tier1 PAW Maintenance" action="ADD" sid="S-1-5-21-657827913-1895599540-1755036276-2604" />
<q1:Member name="AZUREBLOG\Tier1 PAW Users" action="ADD" sid="S-1-5-21-657827913-1895599540-1755036276-2603" />
</q1:Members>
</q1:Properties>
<q1:Filters />
</q1:Group>
<q1:Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Replicators (built-in)" image="2" changed="2020-05-02 19:52:59" uid="{252820B0-356C-4E4B-940C-66A74C87B0F2}">
<q1:GPOSettingOrder>7</q1:GPOSettingOrder>
<q1:Properties action="U" newName="" description="" deleteAllUsers="1" deleteAllGroups="1" removeAccounts="0" groupSid="S-1-5-32-552" groupName="Replicators (built-in)">
<q1:Members />
</q1:Properties>
<q1:Filters />
</q1:Group>
</q1:LocalUsersAndGroups>
</Extension>
<Name>Local Users and Groups</Name>
</ExtensionData>
<ExtensionData>
<Extension xmlns:q2="http://www.microsoft.com/GroupPolicy/Settings/Security" xsi:type="q2:SecuritySettings">
<q2:UserRightsAssignment>
<q2:Name>SeInteractiveLogonRight</q2:Name>
<q2:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-3103</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Tier1PAWUsers</Name>
</q2:Member>
<q2:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-657827913-1895599540-1755036276-3104</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">AZUREBLOG\Tier1PAWMaint</Name>
</q2:Member>
<q2:Member>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-32-544</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">BUILTIN\Administrators</Name>
</q2:Member>
</q2:UserRightsAssignment>
<q2:Blocked>false</q2:Blocked>
</Extension>
<Name>Security</Name>
</ExtensionData>
<ExtensionData>
<Extension xmlns:q3="http://www.microsoft.com/GroupPolicy/Settings/WindowsFirewall" xsi:type="q3:WindowsFirewallSettings">
<q3:GlobalSettings>
<q3:PolicyVersion>
<q3:Value>541</q3:Value>
</q3:PolicyVersion>
</q3:GlobalSettings>
<q3:DomainProfile>
<q3:AllowLocalIPsecPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalIPsecPolicyMerge>
<q3:AllowLocalPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalPolicyMerge>
<q3:DefaultInboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultInboundAction>
<q3:DefaultOutboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultOutboundAction>
<q3:DisableNotifications>
<q3:Value>false</q3:Value>
</q3:DisableNotifications>
<q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:Value>true</q3:Value>
</q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:EnableFirewall>
<q3:Value>true</q3:Value>
</q3:EnableFirewall>
<q3:LogFilePath>
<q3:Value>%systemroot%\system32\logfiles\firewall\pfirewall.log</q3:Value>
</q3:LogFilePath>
<q3:LogFileSize>
<q3:Value>32767</q3:Value>
</q3:LogFileSize>
<q3:LogDroppedPackets>
<q3:Value>true</q3:Value>
</q3:LogDroppedPackets>
<q3:LogSuccessfulConnections>
<q3:Value>true</q3:Value>
</q3:LogSuccessfulConnections>
</q3:DomainProfile>
<q3:PublicProfile>
<q3:AllowLocalIPsecPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalIPsecPolicyMerge>
<q3:AllowLocalPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalPolicyMerge>
<q3:DefaultInboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultInboundAction>
<q3:DefaultOutboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultOutboundAction>
<q3:DisableNotifications>
<q3:Value>false</q3:Value>
</q3:DisableNotifications>
<q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:Value>true</q3:Value>
</q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:EnableFirewall>
<q3:Value>true</q3:Value>
</q3:EnableFirewall>
</q3:PublicProfile>
<q3:PrivateProfile>
<q3:AllowLocalIPsecPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalIPsecPolicyMerge>
<q3:AllowLocalPolicyMerge>
<q3:Value>false</q3:Value>
</q3:AllowLocalPolicyMerge>
<q3:DefaultInboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultInboundAction>
<q3:DefaultOutboundAction>
<q3:Value>true</q3:Value>
</q3:DefaultOutboundAction>
<q3:DisableNotifications>
<q3:Value>false</q3:Value>
</q3:DisableNotifications>
<q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:Value>true</q3:Value>
</q3:DisableUnicastResponsesToMulticastBroadcast>
<q3:EnableFirewall>
<q3:Value>true</q3:Value>
</q3:EnableFirewall>
<q3:LogFilePath>
<q3:Value>%systemroot%\system32\logfiles\firewall\pfirewall.log</q3:Value>
</q3:LogFilePath>
<q3:LogFileSize>
<q3:Value>32767</q3:Value>
</q3:LogFileSize>
<q3:LogDroppedPackets>
<q3:Value>false</q3:Value>
</q3:LogDroppedPackets>
<q3:LogSuccessfulConnections>
<q3:Value>false</q3:Value>
</q3:LogSuccessfulConnections>
</q3:PrivateProfile>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25351</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>41</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25357</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25426</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:LPort>IPTLSIn</q3:LPort>
<q3:LPort>IPHTTPSIn</q3:LPort>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25428</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25326</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>iphlpsvc</q3:Svc>
<q3:LPort>Teredo</q3:LPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25332</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25304</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dhcp</q3:Svc>
<q3:LPort>546</q3:LPort>
<q3:RPort>547</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25306</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25301</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dhcp</q3:Svc>
<q3:LPort>68</q3:LPort>
<q3:RPort>67</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25303</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25376</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>2</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25382</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25251</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>1</q3:Protocol>
<q3:ICMP4>3:4</q3:ICMP4>
<q3:Desc>@FirewallAPI.dll,-25257</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25082</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>132:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25088</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25075</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>143:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25081</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25068</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>131:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25074</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25061</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>130:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25067</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25009</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>133:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25011</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25012</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:RA6>fe80::/64</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>134:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25018</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25026</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>136:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25032</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25019</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>135:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25025</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25116</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>4:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25118</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25113</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>3:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25115</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25001</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>2:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25007</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25110</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>1:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25112</q3:Desc>
<q3:Active>true</q3:Active>
<q3:Edge>true</q3:Edge>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.27</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@ipnathlp.dll,-144</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>%systemroot%\system32\svchost.exe</q3:App>
<q3:Svc>SharedAccess</q3:Svc>
<q3:IF>{A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA}</q3:IF>
<q3:Profile>Domain</q3:Profile>
<q3:Profile>Private</q3:Profile>
<q3:Profile>Public</q3:Profile>
<q3:LPort>67</q3:LPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@ipnathlp.dll,-10143</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@ipnathlp.dll,-140</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:InboundFirewallRules>
<q3:Version>2.27</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@ipnathlp.dll,-145</q3:Name>
<q3:Dir>In</q3:Dir>
<q3:App>%systemroot%\system32\svchost.exe</q3:App>
<q3:Svc>SharedAccess</q3:Svc>
<q3:IF>{A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA}</q3:IF>
<q3:Profile>Domain</q3:Profile>
<q3:Profile>Private</q3:Profile>
<q3:Profile>Public</q3:Profile>
<q3:LPort>68</q3:LPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@ipnathlp.dll,-10144</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@ipnathlp.dll,-140</q3:EmbedCtxt>
</q3:InboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>LSASS Outbound Allow</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%windir%\system32\lsass.exe</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>Allow WMI outbound query</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%windir%\system32\wbem\wmiprvse.exe</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>389</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28550</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dnscache</q3:Svc>
<q3:Profile>Domain</q3:Profile>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:RPort>5355</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-28551</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28546</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Profile>Domain</q3:Profile>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>128:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-28547</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28544</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Profile>Domain</q3:Profile>
<q3:Protocol>1</q3:Protocol>
<q3:ICMP4>8:*</q3:ICMP4>
<q3:Desc>@FirewallAPI.dll,-28547</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28531</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>138</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-28534</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28523</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>137</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-28526</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-28507</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>139</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-28510</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-28502</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>Allow outbound NlaSvc Service port 389</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%windir%\System32\svchost.exe</q3:App>
<q3:Svc>NlaSvc</q3:Svc>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>389</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>Outbound RDP (3389)</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>3389</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25407</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\lsass.exe</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25408</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25405</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dnscache</q3:Svc>
<q3:RPort>53</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25406</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25403</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25404</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25401</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Profile>Domain</q3:Profile>
<q3:RPort>445</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25401</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25352</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>41</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25358</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25427</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>iphlpsvc</q3:Svc>
<q3:RPort>IPTLSOut</q3:RPort>
<q3:RPort>IPHTTPSOut</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25429</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25327</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>iphlpsvc</q3:Svc>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25333</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25305</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dhcp</q3:Svc>
<q3:LPort>546</q3:LPort>
<q3:RPort>547</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25306</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25302</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%SystemRoot%\system32\svchost.exe</q3:App>
<q3:Svc>dhcp</q3:Svc>
<q3:LPort>68</q3:LPort>
<q3:RPort>67</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25303</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25377</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>System</q3:App>
<q3:Protocol>2</q3:Protocol>
<q3:Desc>@FirewallAPI.dll,-25382</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25083</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>132:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25088</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25076</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>143:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25081</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25069</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>131:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25074</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25062</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>130:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25067</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25008</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:RA6>fe80::/64</q3:RA6>
<q3:RA6>ff02::2</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>133:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25011</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25013</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:LA6>fe80::/64</q3:LA6>
<q3:RA4>LocalSubnet</q3:RA4>
<q3:RA6>LocalSubnet</q3:RA6>
<q3:RA6>fe80::/64</q3:RA6>
<q3:RA6>ff02::1</q3:RA6>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>134:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25018</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25027</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>136:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25032</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25020</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>135:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25025</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25117</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>4:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25118</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25114</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>3:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25115</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@FirewallAPI.dll,-25002</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Protocol>58</q3:Protocol>
<q3:ICMP6>2:*</q3:ICMP6>
<q3:Desc>@FirewallAPI.dll,-25007</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@FirewallAPI.dll,-25000</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>Allow outbound NlaSvc Service port 389 TCP</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Profile>Private</q3:Profile>
<q3:Profile>Public</q3:Profile>
<q3:RPort>389</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.20</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>Allow outbound NlaSvc Service port 389 UDP</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:Profile>Private</q3:Profile>
<q3:Profile>Public</q3:Profile>
<q3:RPort>389</q3:RPort>
<q3:Protocol>17</q3:Protocol>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.27</q3:Version>
<q3:Action>Allow</q3:Action>
<q3:Name>@ipnathlp.dll,-151</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:App>%systemroot%\system32\svchost.exe</q3:App>
<q3:Svc>SharedAccess</q3:Svc>
<q3:IF>{A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA}</q3:IF>
<q3:Profile>Domain</q3:Profile>
<q3:Profile>Private</q3:Profile>
<q3:Profile>Public</q3:Profile>
<q3:Desc>@ipnathlp.dll,-10149</q3:Desc>
<q3:Active>true</q3:Active>
<q3:EmbedCtxt>@ipnathlp.dll,-140</q3:EmbedCtxt>
</q3:OutboundFirewallRules>
<q3:OutboundFirewallRules>
<q3:Version>2.27</q3:Version>
<q3:Action>Block</q3:Action>
<q3:Name>Block HTTP/HTTPS</q3:Name>
<q3:Dir>Out</q3:Dir>
<q3:RPort>80</q3:RPort>
<q3:RPort>443</q3:RPort>
<q3:Protocol>6</q3:Protocol>
<q3:Desc>Blocks outbound HTTP and HTTPS</q3:Desc>
<q3:Active>true</q3:Active>
</q3:OutboundFirewallRules>
</Extension>
<Name>Windows Firewall</Name>
</ExtensionData>
<ExtensionData>
<Extension xmlns:q4="http://www.microsoft.com/GroupPolicy/Settings/Registry" xsi:type="q4:RegistrySettings">
<q4:Policy>
<q4:Name>Windows Defender Firewall: Allow logging</q4:Name>
<q4:State>Enabled</q4:State>
<q4:Explain>Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives.
If you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages.
If you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.
If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact.
If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.
</q4:Explain>
<q4:Supported>At least Windows XP Professional with SP2</q4:Supported>
<q4:Category>Network/Network Connections/Windows Defender Firewall/Domain Profile</q4:Category>
<q4:CheckBox>
<q4:Name>Log dropped packets</q4:Name>
<q4:State>Enabled</q4:State>
</q4:CheckBox>
<q4:CheckBox>
<q4:Name>Log successful connections</q4:Name>
<q4:State>Enabled</q4:State>
</q4:CheckBox>
<q4:EditText>
<q4:Name>Log file path and name:</q4:Name>
<q4:State>Enabled</q4:State>
<q4:Value>%systemroot%\system32\logfiles\firewall\pfirewall.log</q4:Value>
</q4:EditText>
<q4:Numeric>
<q4:Name>Size limit (KB):</q4:Name>
<q4:State>Enabled</q4:State>
<q4:Value>32767</q4:Value>
</q4:Numeric>
</q4:Policy>
<q4:Policy>
<q4:Name>Windows Defender Firewall: Prohibit notifications</q4:Name>
<q4:State>Disabled</q4:State>
<q4:Explain>Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defender Firewall add the program to the program exceptions list.
If you enable this policy setting, Windows Defender Firewall prevents the display of these notifications.
If you disable this policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected and administrators cannot clear it.
If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected by default, and administrators can change it.</q4:Explain>
<q4:Supported>At least Windows XP Professional with SP2</q4:Supported>
<q4:Category>Network/Network Connections/Windows Defender Firewall/Domain Profile</q4:Category>
</q4:Policy>
<q4:Policy>
<q4:Name>Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests</q4:Name>
<q4:State>Enabled</q4:State>
<q4:Explain>Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.
If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Defender Firewall blocks the unicast responses sent by those other computers.
If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses.
Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.</q4:Explain>
<q4:Supported>At least Windows XP Professional with SP2</q4:Supported>
<q4:Category>Network/Network Connections/Windows Defender Firewall/Domain Profile</q4:Category>
</q4:Policy>
<q4:Policy>
<q4:Name>Windows Defender Firewall: Protect all network connections</q4:Name>
<q4:State>Enabled</q4:State>
<q4:Explain>Turns on Windows Defender Firewall.
If you enable this policy setting, Windows Defender Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.
If you disable this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not run and administrators who log on locally cannot start it.
If you do not configure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.</q4:Explain>
<q4:Supported>At least Windows XP Professional with SP2</q4:Supported>
<q4:Category>Network/Network Connections/Windows Defender Firewall/Domain Profile</q4:Category>
</q4:Policy>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AuthorizedApplications</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\GloballyOpenPorts</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AuthorizedApplications</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\GloballyOpenPorts</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:RegistrySetting>
<q4:KeyPath>SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</q4:KeyPath>
<q4:AdmSetting>false</q4:AdmSetting>
</q4:RegistrySetting>
<q4:Blocked>false</q4:Blocked>
</Extension>
<Name>Registry</Name>
</ExtensionData>
</Computer>
<User>
<VersionDirectory>2</VersionDirectory>
<VersionSysvol>2</VersionSysvol>
<Enabled>false</Enabled>
</User>
<LinksTo>
<SOMName>Devices</SOMName>
<SOMPath>azureblog.pl/Admin/Tier1/Devices</SOMPath>
<Enabled>true</Enabled>
<NoOverride>false</NoOverride>
</LinksTo>
</GPO>
Reference in New Issue View Git Blame Copy Permalink