Overview of Default Group Policies Used in NFA

Applies to: Nerdio For Azure (NFA). Does not apply to Nerdio Private Cloud (NPC)

Every Nerdio For Azure (NFA) account is provisioned with a series of group policies as detailed below. While you may change the default GPOs, we strongly recommend you contact support to discuss implications of doing so.

Policy Settings
Default Domain Policy
Type: Computer

1. Password policy

2. Account Lockout policy

3. Kerberos policy

4. Security options

5. Public key policy\Encrypting file system

WS Computer GPO
Type: Computer

1. Disable Adobe Acrobat Reader DC Protected Mode

2. Disable java update notifications

Default Domain Controllers Policy
Type: Computer
Default DC policies
Folder redirection
Type: User

1. Also redirects Favorites to FS01\Users

2. Redirects Chrome disk cache to D:\TEMP (local SSD on Azure VMs for better performance)

3. Only applied to Nerdio managed VMs in Azure (important in Hybrid AD environments)

IE settings
Type: User

1. Common Microsoft 365 URLs added to trusted sites.

2. Add rdweb.nerdio.net to local intranet.

Helps with SSO among other things.

LetWindowsMng DefaultPrinter
Type: User
HCU registry - LegacyDefaultPrinterMode set to '0'. Enables "Let Windows Manage Default Printer" on Windows 10. Is set to "Apply once and do not reapply".
Office 2016
Type: User

1. Do not use graphics acceleration - Enabled

2. Trust Center settings (five items)

3. Subscription activation with federated credentials

4.1 Automatically configure profile based on AD's primary SMTP
4.2 Cached Exchange enabled (new profiles) - full items
4.3 Sync One year
4.4 Cache Exchange Mode for new and existing profiles

5. Delegates: Disable shared mail folder caching

6. HCU Registry - ArchiveIgnoreLastModifiedTime

RDS SSO Configuration
Type: User
Default connection URL. Points remoteapp to rdweb.nerdio.net.
Type: User
Set screen saver timeout to 1,200 seconds.
Type: User
Run numlock.vbs on user login. Enables Num Lock on login.
Adobe Acrobat Reader DC

Disable Adobe Acrobat Reader DC Protected Mode (this is added in two locations to cover both normal & Hybrid AD environments)


Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.