Windows Server 2012 and Windows 8 Group Policy Settings

Group Policy Settings Reference
Windows Server 2012 and Windows 8

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with
Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,
Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).
You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.
What's New
The Administrative Template spreadsheet contains three columns that provide more information about each policy setting's behavior related to reboots, logoffs, and schema extensions.
These columns are the following:
Reboot Required: A "Yes" in this column means that the Windows operating systems requires a restart before it applies the described policy setting.
Logoff Required: A "Yes" in this column means that the Windows operating system requires the user to log off and log on again before it applies the described policy setting.
Active Directory Schema or Domain Requirements: A "Yes" in this column means that you must extend the Active Directory schema before you can deploy this policy setting.
Status: A "New" in this column means that the setting did not exist prior to Windows Server 2012 and Windows 8. It does not mean that the setting applies only to Windows Server 2012
and Windows 8. Refer to the column entitled "supported on" to determine to which operating system the policy setting applies.
Legal Notice
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
2012 Microsoft Corporation. All rights reserved.
Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,
and Windows Vista are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.
This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with
Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,
Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).
You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.
The Administrative Template spreadsheet contains three columns that provide more information about each policy setting's behavior related to reboots, logoffs, and schema extensions.
Reboot Required: A "Yes" in this column means that the Windows operating systems requires a restart before it applies the described policy setting.
Logoff Required: A "Yes" in this column means that the Windows operating system requires the user to log off and log on again before it applies the described policy setting.
Active Directory Schema or Domain Requirements: A "Yes" in this column means that you must extend the Active Directory schema before you can deploy this policy setting.
Status: A "New" in this column means that the setting did not exist prior to Windows Server 2012 and Windows 8. It does not mean that the setting applies only to Windows Server 2012
and Windows 8. Refer to the column entitled "supported on" to determine to which operating system the policy setting applies.
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
Status File Name
ActiveXInstallService.admx
ActiveXInstallService.admx
AddRemovePrograms.admx
adfs.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
New AppxPackageManager.admx
New AppxPackageManager.admx
New AppXRuntime.admx
AttachmentManager.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
Biometrics.admx
Biometrics.admx
Biometrics.admx
Biometrics.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
CEIPEnable.admx
CEIPEnable.admx
CipherSuiteOrder.admx
COM.admx
COM.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
ControlPanel.admx
ControlPanel.admx
ControlPanel.admx
ControlPanel.admx
ControlPanelDisplay.admx
New ControlPanelDisplay.admx
Cpls.admx
CredentialProviders.admx
CredentialProviders.admx
New CredentialProviders.admx
New CredentialProviders.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredUI.admx
CredUI.admx
New CredUI.admx
New CredUI.admx
CtrlAltDel.admx
CtrlAltDel.admx
CtrlAltDel.admx
CtrlAltDel.admx
DCOM.admx
DCOM.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
New DeviceCompat.admx
New DeviceCompat.admx
DeviceInstallation.admx
DeviceRedirection.admx
DeviceRedirection.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
New DeviceSetup.admx
DeviceSetup.admx
DFS.admx
DigitalLocker.admx
DigitalLocker.admx
DiskDiagnostic.admx
DiskDiagnostic.admx
DiskNVCache.admx
DiskNVCache.admx
DiskNVCache.admx
DiskNVCache.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DistributedLinkTracking.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
New DnsClient.admx
New DnsClient.admx
New DnsClient.admx
New DnsClient.admx
New DnsClient.admx
New DnsClient.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
New DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EAIME.admx
New EarlyLaunchAM.admx
New EdgeUI.admx
New EdgeUI.admx
EncryptFilesonMove.admx
EnhancedStorage.admx
New EnhancedStorage.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
New ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
EventForwarding.admx
EventForwarding.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventViewer.admx
EventViewer.admx
EventViewer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
New ExternalBoot.admx
New FileHistory.admx
FileRecovery.admx
New FileServerVSSAgent.admx
New FileServerVSSProvider.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
New FileSys.admx
FolderRedirection.admx
New FolderRedirection.admx
FramePanes.admx
FramePanes.admx
fthsvc.admx
GameExplorer.admx
GameExplorer.admx
GameExplorer.admx
Globalization.admx
Globalization.admx
Globalization.admx
New Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
GroupPolicy-Server.admx
New grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
GroupPolicyPreferences.admx
Help.admx
Help.admx
Help.admx
Help.admx
HelpAndSupport.admx
HelpAndSupport.admx
HelpAndSupport.admx
HelpAndSupport.admx
New hotspotauth.admx
HotStart.admx
HotStart.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
New ICM.admx
New ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
IIS.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
inetres.admx
inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
New inetres.admx
InkWatson.admx
InkWatson.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
kdc.admx
kdc.admx
New kdc.admx
New kdc.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
New kerberos.admx
New kerberos.admx
New kerberos.admx
New kerberos.admx
New kerberos.admx
New kerberos.admx
LanmanServer.admx
New LanmanServer.admx
LeakDiagnostic.admx
LinkLayerTopologyDiscovery.admx
LinkLayerTopologyDiscovery.admx
New LocationProviderAdm.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
New Logon.admx
Logon.admx
New Logon.admx
New Logon.admx
New Logon.admx
MediaCenter.admx
MediaCenter.admx
MMC.admx
MMC.admx
MMC.admx
MMC.admx
MMC.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MobilePCMobilityCenter.admx
MobilePCMobilityCenter.admx
MobilePCPresentationSettings.admx
MobilePCPresentationSettings.admx
New msched.admx
New msched.admx
New msched.admx
MSDT.admx
MSDT.admx
MSDT.admx
Msi-FileRecovery.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
New msi.admx
New msi.admx
NAPXPQec.admx
New nca.admx
New nca.admx
New nca.admx
New nca.admx
New nca.admx
New nca.admx
New nca.admx
New nca.admx
NCSI.admx
NCSI.admx
NCSI.admx
NCSI.admx
NCSI.admx
New NCSI.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
New NetLogon.admx
New NetLogon.admx
New NetLogon.admx
NetworkConnections.admx
New NetworkIsolation.admx
NetworkProjection.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
New OfflineFiles.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
ParentalControls.admx
New pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
PeerToPeerCaching.admx
New PeerToPeerCaching.admx
PenTraining.admx
PenTraining.admx
PerfCenterCPL.admx
PerfCenterCPL.admx
PerfCenterCPL.admx
PerfCenterCPL.admx
PerfCenterCPL.admx
PerfCenterCPL.admx
PerformanceDiagnostics.admx
PerformancePerftrack.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
PowerShellExecutionPolicy.admx
PowerShellExecutionPolicy.admx
New PowerShellExecutionPolicy.admx
PreviousVersions.admx
Printing.admx
New Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
New Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
New Printing.admx
New Printing.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
PswdSync.admx
PswdSync.admx
PswdSync.admx
PswdSync.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
RacWmiProv.admx
Radar.admx
ReAgent.admx
Reliability.admx
Reliability.admx
Reliability.admx
Reliability.admx
RemoteAssistance.admx
RemovableStorage.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
sdiageng.admx
sdiageng.admx
sdiageng.admx
sdiagschd.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
New Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
New Search.admx
SearchOCR.admx
SearchOCR.admx
SecurityCenter.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
ServerManager.admx
ServerManager.admx
ServerManager.admx
ServerManager.admx
Servicing.admx
New SettingSync.admx
Setup.admx
Setup.admx
ShapeCollector.admx
ShapeCollector.admx
SharedFolders.admx
SharedFolders.admx
Sharing.admx
Sharing.admx
Shell-CommandPrompt-RegEditTools.admx
ShellWelcomeCenter.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
SideShow.admx
SideShow.admx
SideShow.admx
SideShow.admx
SideShow.admx
SideShow.admx
SideShow.admx
SideShow.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
Snis.admx
Snis.admx
Snmp.admx
Snmp.admx
Snmp.admx
SoundRec.admx
SoundRec.admx
New srm-fci.admx
New srm-fci.admx
srm-fci.admx
New srm-fci.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
New StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
New StartMenu.admx
StartMenu.admx
New StartMenu.admx
SystemResourceManager.admx
SystemRestore.admx
SystemRestore.admx
TabletPCInputPanel.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
New Taskbar.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
New tcpip.admx
Terminalserver-Server.admx
New Terminalserver-Server.admx
New Terminalserver-Server.admx
New TerminalServer-WinIP.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
New TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
Thumbnails.admx
Thumbnails.admx
Thumbnails.admx
TouchInput.admx
TouchInput.admx
TouchInput.admx
TouchInput.admx
New Tpm.admx
New Tpm.admx
Tpm.admx
Tpm.admx
Tpm.admx
New Tpm.admx
New Tpm.admx
New Tpm.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserDataBackup.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
New UserProfiles.admx
VolumeEncryption.admx
New VolumeEncryption.admx
W32Time.admx
W32Time.admx
W32Time.admx
W32Time.admx
New WCM.admx
New WCM.admx
New WCM.admx
New WCM.admx
wdi.admx
wdi.admx
WinCal.admx
WinCal.admx
WindowsAnytimeUpgrade.admx
WindowsAnytimeUpgrade.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsColorSystem.admx
WindowsColorSystem.admx
WindowsConnectNow.admx
WindowsDefender.admx
WindowsExplorer.admx
New WindowsExplorer.admx
WindowsFileProtection.admx
windowsfirewall.admx
WindowsMail.admx
WindowsMail.admx
WindowsMail.admx
WindowsMail.admx
WindowsMediaDRM.admx
WindowsMediaPlayer.admx
WindowsMessenger.admx
WindowsRemoteManagement.admx
New WindowsRemoteManagement.admx
WindowsRemoteShell.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WinInit.admx
WinInit.admx
New WinInit.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
Winsrv.admx
New WinStoreUI.admx
New WinStoreUI.admx
New WinStoreUI.admx
New WinStoreUI.admx
New wlansvc.admx
WordWheel.admx
New WPN.admx
New WPN.admx
New WPN.admx
New WPN.admx
New wwansvc.admx
New wwansvc.admx
Policy Setting Name Scope
Approved Installation Sites for ActiveX Controls Machine
Establish ActiveX installation policy for sites in Trusted zones Machine
Specify default category for Add New Programs User
Hide the "Add a program from CD-ROM or floppy disk" option User
Hide the "Add programs from Microsoft" option User
Hide the "Add programs from your network" option User
Hide Add New Programs page User
Remove Add or Remove Programs User
Hide the Set Program Access and Defaults page User
Hide Change or Remove Programs page User
Go directly to Components Wizard User
Remove Support Information User
Hide Add/Remove Windows Components page User
Turn off Federation Service Machine
Prevent access to 16-bit applications Machine
Remove Program Compatibility Property Page Machine
Turn off Application Telemetry Machine
Turn off SwitchBack Compatibility Engine Machine
Turn off Application Compatibility Engine Machine
Turn off Program Compatibility Assistant User
Turn off Program Compatibility Assistant Machine
Turn off Steps Recorder Machine
Turn off Inventory Collector Machine
Allow all trusted apps to install Machine
Allow deployment operations in special profiles Machine
Block launching desktop apps associated with a file. Machine
Block launching desktop apps associated with a file. User
Block launching desktop apps associated with a protocol Machine
Block launching desktop apps associated with a protocol User
Notify antivirus programs when opening attachments User
Trust logic for file attachments User
Do not preserve zone information in file attachments User
Hide mechanisms to remove zone information User
Default risk level for file attachments User
Inclusion list for high risk file types User
Inclusion list for low file types User
Inclusion list for moderate risk file types User
Set the default behavior for AutoRun Machine
Set the default behavior for AutoRun User
Prevent AutoPlay from remembering user choices. Machine
Prevent AutoPlay from remembering user choices. User
Turn off Autoplay Machine
Turn off Autoplay User
Disallow Autoplay for non-volume devices Machine
Disallow Autoplay for non-volume devices User
Allow the use of biometrics Machine
Allow users to log on using biometrics Machine
Allow domain users to log on using biometrics Machine
Specify timeout for fast user switching events Machine
Timeout for inactive BITS jobs Machine
Limit the maximum BITS job download time Machine
Limit the maximum network bandwidth for BITS background transfers Machine
Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers Machine
Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers Machine
Allow BITS Peercaching Machine
Limit the age of files in the BITS Peercache Machine
Limit the BITS Peercache size Machine
Do not allow the computer to act as a BITS Peercaching client Machine
Do not allow the computer to act as a BITS Peercaching server Machine
Limit the maximum network bandwidth used for Peercaching Machine
Set default download behavior for BITS jobs on costed networks Machine
Limit the maximum number of BITS jobs for this computer Machine
Limit the maximum number of BITS jobs for each user Machine
Limit the maximum number of files allowed in a BITS job Machine
Limit the maximum number of ranges that can be added to the file in a BITS job Machine
Do not allow the BITS client to use Windows Branch Cache Machine
Allow Corporate redirection of Customer Experience Improvement uploads Machine
Tag Windows Customer Experience Improvement data with Study Identifier Machine
SSL Cipher Suite Order Machine
Download missing COM components User
Download missing COM components Machine
Disable application Sharing User
Prevent Control User
Prevent Sharing User
Prevent Sharing Command Prompts User
Prevent Desktop Sharing User
Prevent Sharing Explorer windows User
Prevent Application Sharing in true color User
Disable Audio User
Prevent changing DirectSound Audio setting User
Disable full duplex Audio User
Prevent receiving Video User
Prevent sending Video User
Limit the bandwidth of Audio and Video User
Allow persisting automatic acceptance of Calls User
Disable Chat User
Disable Whiteboard User
Disable NetMeeting 2.x Whiteboard User
Disable remote Desktop Sharing Machine
Enable Automatic Configuration User
Prevent adding Directory servers User
Prevent automatic acceptance of Calls User
Prevent changing Call placement method User
Disable Directory services User
Prevent receiving files User
Prevent sending files User
Prevent viewing Web directory User
Limit the size of sent files User
Set the intranet support Web page User
Set Call Security options User
Disable the Advanced Calling button User
Hide the Audio page User
Hide the General page User
Hide the Security page User
Hide the Video page User
Hide specified Control Panel items User
Always open All Control Panel Items when opening Control Panel User
Prohibit access to Control Panel and PC settings User
Show only specified Control Panel items User
Disable the Display Control Panel User
Hide Settings tab User
Prevent changing color and appearance User
Prevent changing screen saver User
Enable screen saver User
Force specific screen saver User
Password protect the screen saver User
Screen saver timeout User
Prevent changing desktop background User
Prevent changing sounds User
Prevent changing mouse pointers User
Prevent changing desktop icons User
Prevent changing color scheme User
Prevent changing theme User
Load a specific theme User
Prevent changing visual style for windows and buttons User
Force a specific visual style file or force Windows Classic User
Prohibit selection of visual style font size User
Do not display the lock screen Machine
Prevent changing lock screen image Machine
Prevent changing start menu background Machine
Apply the default account picture to all users Machine
Assign a default domain for logon Machine
Exclude credential providers Machine
Turn on PIN sign-in Machine
Turn off picture password sign-in Machine
Allow delegating default credentials Machine
Allow delegating default credentials with NTLM-only server authentication Machine
Allow delegating fresh credentials Machine
Allow delegating fresh credentials with NTLM-only server authentication Machine
Allow delegating saved credentials Machine
Allow delegating saved credentials with NTLM-only server authentication Machine
Deny delegating default credentials Machine
Deny delegating fresh credentials Machine
Deny delegating saved credentials Machine
Enumerate administrator accounts on elevation Machine
Require trusted path for credential entry Machine
Do not display the password reveal button Machine
Do not display the password reveal button User
Remove Change Password User
Remove Lock Computer User
Remove Task Manager User
Remove Logoff User
Allow local activation security check exemptions Machine
Define Activation Security Check exemptions Machine
Enable Active Desktop User
Disable Active Desktop User
Prohibit changes User
Add/Delete items User
Prohibit adding items User
Prohibit closing items User
Prohibit deleting items User
Prohibit editing items User
Disable all items User
Allow only bitmapped wallpaper User
Desktop Wallpaper User
Enable filter in Find dialog box User
Hide Active Directory folder User
Maximum size of Active Directory searches User
Prohibit User from manually redirecting Profile Folders User
Hide and disable all items on the desktop User
Remove the Desktop Cleanup Wizard User
Hide Internet Explorer icon on desktop User
Remove Computer icon on the desktop User
Remove My Documents icon on the desktop User
Hide Network Locations icon on desktop User
Remove Properties from the Computer icon context menu User
Remove Properties from the Documents icon context menu User
Do not add shares of recently opened documents to Network Locations User
Remove Recycle Bin icon from desktop User
Remove Properties from the Recycle Bin context menu User
Don't save settings at exit User
Prevent adding, dragging, dropping and closing the Taskbar's toolbars User
Prohibit adjusting desktop toolbars User
Turn off Aero Shake window minimizing mouse gesture User
Device compatibility settings Machine
Driver compatibility settings Machine
Prioritize all digitally signed drivers equally during the driver ranking and selection process Machine
Configure device installation time-out Machine
Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point Machine
Allow remote access to the Plug and Play interface Machine
Allow administrators to override Device Installation Restriction policies Machine
Allow installation of devices using drivers that match these device setup classes Machine
Prevent installation of devices using drivers that match these device setup classes Machine
Allow installation of devices that match any of these device IDs Machine
Prevent installation of devices that match any of these device IDs Machine
Prevent installation of removable devices Machine
Prevent installation of devices not described by other policy settings Machine
Time (in seconds) to force reboot when required for policy changes to take effect Machine
Display a custom message title when device installation is prevented by a policy setting Machine
Display a custom message when installation is prevented by a policy setting Machine
Allow non-administrators to install drivers for these device setup classes Machine
Code signing for device drivers User
Prevent redirection of USB devices Machine
Prevent redirection of devices that match any of these device Ids Machine
Turn off "Found New Hardware" balloons during device installation Machine
Do not send a Windows error report when a generic driver is installed on a device Machine
Prevent Windows from sending an error report when a device driver requests additional software during installation Machine
Configure driver search locations User
Turn off Windows Update device driver search prompt User
Turn off Windows Update device driver search prompt Machine
Specify search order for device driver source locations Machine
Specify the search server for device driver updates Machine
Prevent device metadata retrieval from the Internet Machine
Configure how often a DFS client discovers domain controllers Machine
Do not allow Digital Locker to run User
Do not allow Digital Locker to run Machine
Disk Diagnostic: Configure custom alert text Machine
Disk Diagnostic: Configure execution level Machine
Turn off boot and resume optimizations Machine
Turn off cache power mode Machine
Turn off non-volatile cache feature Machine
Turn off solid state mode Machine
Enable disk quotas Machine
Enforce disk quota limit Machine
Specify default quota limit and warning level Machine
Log event when quota limit is exceeded Machine
Log event when quota warning level is exceeded Machine
Apply policy to removable media Machine
Allow Distributed Link Tracking clients to use domain resources Machine
Connection-specific DNS suffix Machine
DNS servers Machine
Primary DNS suffix Machine
Register DNS records with connection-specific DNS suffix Machine
Register PTR records Machine
Dynamic update Machine
Replace addresses in conflicts Machine
Registration refresh interval Machine
TTL value for A and PTR records Machine
DNS suffix search list Machine
Update security level Machine
Update top level domain zones Machine
Primary DNS suffix devolution Machine
Primary DNS suffix devolution level Machine
Turn off multicast name resolution Machine
Allow DNS suffix appending to unqualified multi-label name queries Machine
Turn off smart multi-homed name resolution Machine
Turn off smart protocol reordering Machine
Allow NetBT queries for fully qualified domain names Machine
Prefer link local responses over DNS when received over a network with higher precedence Machine
Turn off IDN encoding Machine
IDN mapping Machine
Do not allow window animations User
Do not allow window animations Machine
Do not allow Flip3D invocation User
Do not allow Flip3D invocation Machine
Use solid color for Start background Machine
Specify a default color User
Specify a default color Machine
Do not allow color changes User
Do not allow color changes Machine
Turn on misconversion logging for misconversion report User
Turn off saving auto-tuning data to file User
Turn off history-based predictive input User
Turn off Open Extended Dictionary User
Turn off Internet search integration User
Turn off custom dictionary User
Restrict character code range of conversion User
Do not include Non-Publishing Standard Glyph in the candidate list User
Boot-Start Driver Initialization Policy Machine
Turn off switching between recent apps User
Turn off tracking of app usage User
Do not automatically encrypt files moved to encrypted folders Machine
Allow only USB root hub connected Enhanced Storage devices Machine
Allow Enhanced Storage certificate provisioning Machine
Lock Enhanced Storage when the computer is locked Machine
Do not allow non-Enhanced Storage removable devices Machine
Do not allow password authentication of Enhanced Storage devices Machine
Do not allow Windows to activate Enhanced Storage devices Machine
Configure list of IEEE 1667 silos usable on your computer Machine
Configure list of Enhanced Storage devices usable on your computer Machine
Configure Error Reporting Machine
Display Error Notification Machine
Disable Windows Error Reporting User
Disable Windows Error Reporting Machine
Prevent display of the user interface for critical errors Machine
Disable logging User
Disable logging Machine
Do not send additional data User
Do not send additional data Machine
Do not throttle additional data User
Do not throttle additional data Machine
Send additional data when on battery power User
Send additional data when on battery power Machine
Send data when on connected to a restricted/costed network User
Send data when on connected to a restricted/costed network Machine
Default application reporting settings Machine
List of applications to never report errors for Machine
List of applications to always report errors for Machine
Report operating system errors Machine
Configure Report Archive User
Configure Report Archive Machine
Configure Corporate Windows Error Reporting Machine
List of applications to be excluded User
List of applications to be excluded Machine
Configure Report Queue User
Configure Report Queue Machine
Customize consent settings User
Customize consent settings Machine
Ignore custom consent settings User
Ignore custom consent settings Machine
Configure Default consent User
Configure Default consent Machine
Configure target Subscription Manager Machine
Configure forwarder resource usage Machine
Back up log automatically when full Machine
Configure log access Machine
Control Event Log behavior when the log file reaches its maximum size Machine
Control the location of the log file Machine
Specify the maximum log file size (KB) Machine
Turn on logging Machine
Events.asp program Machine
Events.asp program command line parameters Machine
Events.asp URL Machine
Display the menu bar in File Explorer User
Prevent users from adding files to the root of their Users Files folder. User
Turn off common control and window animations User
Turn off Data Execution Prevention for Explorer Machine
Turn off heap termination on corruption Machine
Set a support web page link Machine
Windows To Go Default Startup Options Machine
Allow hibernate (S4) when starting from a Windows To Go workspace Machine
Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace Machine
Turn off File History Machine
Configure Corrupted File Recovery behavior Machine
Configure maximum age of file server shadow copies Machine
Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. Machine
Selectively allow the evaluation of a symbolic link Machine
Do not allow compression on all NTFS volumes Machine
Do not allow encryption on all NTFS volumes Machine
Enable NTFS pagefile encryption Machine
Short name creation options Machine
Disable delete notifications on all volumes Machine
Enable / disable TXF deprecated features Machine
Use localized subfolder names when redirecting Start Menu and My Documents User
Do not automatically make all redirected folders available offline User
Do not automatically make specific redirected folders available offline User
Use localized subfolder names when redirecting Start Menu and My Documents Machine
Enable optimized move of contents in Offline Files cache on Folder Redirection server path change User
Redirect folders on primary computers only User
Redirect folders on primary computers only Machine
Turn on or off details pane User
Turn off Preview Pane User
Configure Scenario Execution Level Machine
Turn off downloading of game information Machine
Turn off tracking of last play time of games in the Games folder Machine
Turn off game updates Machine
Disallow selection of Custom Locales User
Disallow selection of Custom Locales Machine
Restrict system locales Machine
Disallow copying of user input methods to the system account for sign-in Machine
Restrict user locales User
Restrict user locales Machine
Disallow changing of geographic location User
Disallow changing of geographic location Machine
Disallow user override of locale settings User
Disallow user override of locale settings Machine
Hide Regional and Language Options administrative options User
Hide the geographic location option User
Hide the select language group options User
Hide user locale selection and customization options User
Restricts the UI language Windows uses for all logged users Machine
Restricts the UI languages Windows should use for the selected user User
Force selected system UI language to overwrite the user UI language Machine
Restrict selection of Windows menus and dialogs language User
Turn off offer text predictions as I type User
Turn off insert a space after selecting a text prediction User
Turn off autocorrect misspelled words User
Turn off highlight misspelled words User
Block clean-up of unused language packs Machine
Century interpretation for Year 2000 User
Turn off automatic learning User
Turn off automatic learning Machine
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services Machine
Enable AD/DFS domain controller synchronization during policy refresh Machine
Turn off Group Policy Client Service AOAC optimization Machine
Configure Direct Access connections as a fast network connection Machine
Change Group Policy processing to run asynchronously when a slow network connection is detected. Machine
Turn off Local Group Policy Objects processing Machine
Specify startup policy processing wait time Machine
Allow cross-forest user policy and roaming user profiles Machine
Configure software Installation policy processing Machine
Configure disk quota policy processing Machine
Configure EFS recovery policy processing Machine
Configure folder redirection policy processing Machine
Configure Internet Explorer Maintenance policy processing Machine
Configure IP security policy processing Machine
Configure registry policy processing Machine
Configure scripts policy processing Machine
Configure security policy processing Machine
Configure wireless policy processing Machine
Configure wired policy processing Machine
Determine if interactive users can generate Resultant Set of Policy data User
Determine if interactive users can generate Resultant Set of Policy data Machine
Turn off automatic update of ADM files User
Turn off background refresh of Group Policy Machine
Remove users' ability to invoke machine policy refresh Machine
Enforce Show Policies Only User
Configure Group Policy domain controller selection User
Configure Group Policy slow link detection User
Configure Group Policy slow link detection Machine
Set Group Policy refresh interval for computers Machine
Set Group Policy refresh interval for domain controllers Machine
Set Group Policy refresh interval for users User
Set default name for new Group Policy objects User
Create new Group Policy Object links disabled by default User
Always use local ADM files for Group Policy Object Editor Machine
Turn off Resultant Set of Policy logging Machine
Configure user Group Policy loopback processing mode Machine
Specify workplace connectivity wait time for policy processing Machine
Configure Applications preference extension policy processing Machine
Configure Applications preference logging and tracing Machine
Configure Data Sources preference extension policy processing Machine
Configure Data Sources preference logging and tracing Machine
Configure Devices preference extension policy processing Machine
Configure Devices preference logging and tracing Machine
Configure Drive Maps preference extension policy processing Machine
Configure Drive Maps preference logging and tracing Machine
Configure Environment preference extension policy processing Machine
Configure Environment preference logging and tracing Machine
Configure Files preference extension policy processing Machine
Configure Files preference logging and tracing Machine
Configure Folder Options preference extension policy processing Machine
Configure Folder Options preference logging and tracing Machine
Configure Folders preference extension policy processing Machine
Configure Folders preference logging and tracing Machine
Configure Ini Files preference extension policy processing Machine
Configure Ini Files preference logging and tracing Machine
Configure Internet Settings preference extension policy processing Machine
Configure Internet Settings preference logging and tracing Machine
Configure Local Users and Groups preference extension policy processing Machine
Configure Local Users and Groups preference logging and tracing Machine
Configure Network Options preference extension policy processing Machine
Configure Network Options preference logging and tracing Machine
Configure Network Shares preference extension policy processing Machine
Configure Network Shares preference logging and tracing Machine
Configure Power Options preference extension policy processing Machine
Configure Power Options preference logging and tracing Machine
Configure Printers preference extension policy processing Machine
Configure Printers preference logging and tracing Machine
Configure Regional Options preference extension policy processing Machine
Configure Regional Options preference logging and tracing Machine
Configure Registry preference extension policy processing Machine
Configure Registry preference logging and tracing Machine
Configure Scheduled Tasks preference extension policy processing Machine
Configure Scheduled Tasks preference logging and tracing Machine
Configure Services preference extension policy processing Machine
Configure Services preference logging and tracing Machine
Configure Shortcuts preference extension policy processing Machine
Configure Shortcuts preference logging and tracing Machine
Configure Start Menu preference extension policy processing Machine
Configure Start Menu preference logging and tracing Machine
Permit use of Application snap-ins User
Permit use of Applications preference extension User
Permit use of Control Panel Settings (Computers) User
Permit use of Data Sources preference extension User
Permit use of Devices preference extension User
Permit use of Drive Maps preference extension User
Permit use of Environment preference extension User
Permit use of Files preference extension User
Permit use of Folders preference extension User
Permit use of Folder Options preference extension User
Permit use of Ini Files preference extension User
Permit use of Internet Settings preference extension User
Permit use of Local Users and Groups preference extension User
Permit use of Network Options preference extension User
Permit use of Network Shares preference extension User
Permit use of Power Options preference extension User
Permit use of Printers preference extension User
Permit use of Regional Options preference extension User
Permit use of Registry preference extension User
Permit use of Scheduled Tasks preference extension User
Permit use of Services preference extension User
Permit use of Shortcuts preference extension User
Permit use of Start Menu preference extension User
Permit use of Control Panel Settings (Users) User
Permit use of Preferences tab User
Restrict potentially unsafe HTML Help functions to specified folders Machine
Restrict these programs from being launched from Help User
Restrict these programs from being launched from Help Machine
Turn off Data Execution Prevention for HTML Help Executible Machine
Turn off Active Help Machine
Turn off Help Ratings User
Turn off Help Experience Improvement Program User
Turn off Windows Online User
Enable Hotspot Authentication Machine
Turn off Windows HotStart User
Turn off Windows HotStart Machine
Restrict Internet communication User
Restrict Internet communication Machine
Turn off Automatic Root Certificates Update Machine
Turn off printing over HTTP User
Turn off printing over HTTP Machine
Turn off downloading of print drivers over HTTP User
Turn off downloading of print drivers over HTTP Machine
Turn off Windows Update device driver searching Machine
Turn off Event Viewer "Events.asp" links Machine
Turn off Help and Support Center "Did you know?" content Machine
Turn off Help and Support Center Microsoft Knowledge Base search Machine
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com Machine
Turn off Registration if URL connection is referring to Microsoft.com Machine
Turn off Windows Error Reporting Machine
Turn off access to all Windows Update features Machine
Turn off Search Companion content file updates Machine
Turn off Internet File Association service User
Turn off Internet File Association service Machine
Turn off access to the Store User
Turn off access to the Store Machine
Turn off Internet download for Web publishing and online ordering wizards User
Turn off Internet download for Web publishing and online ordering wizards Machine
Turn off the "Order Prints" picture task User
Turn off the "Order Prints" picture task Machine
Turn off the "Publish to Web" task for files and folders User
Turn off the "Publish to Web" task for files and folders Machine
Turn off the Windows Messenger Customer Experience Improvement Program User
Turn off the Windows Messenger Customer Experience Improvement Program Machine
Turn off Windows Customer Experience Improvement Program Machine
Turn off Windows Network Connectivity Status Indicator active tests Machine
Prevent IIS installation Machine
Audio/Video Player User
Carpoint User
DHTML Edit Control User
Shockwave Flash User
Investor User
Menu Controls User
Microsoft Agent User
Microsoft Chat User
MSNBC User
NetShow File Transfer Control User
Microsoft Scriptlet Component User
Microsoft Survey Control User
Turn off flip ahead feature Machine
Turn off flip ahead feature User
Allow active content from CDs to run on user machines Machine
Allow active content from CDs to run on user machines User
Check for server certificate revocation Machine
Check for server certificate revocation User
Turn off ClearType Machine
Turn off ClearType User
Turn on Caret Browsing support Machine
Turn on Caret Browsing support User
Turn on Enhanced Protected Mode Machine
Turn on Enhanced Protected Mode User
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled Machine
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled User
Always send Do Not Track header Machine
Always send Do Not Track header User
Use HTTP 1.1 Machine
Use HTTP 1.1 User
Use HTTP 1.1 through proxy connections Machine
Use HTTP 1.1 through proxy connections User
Turn off encryption support Machine
Turn off encryption support User
Do not allow resetting Internet Explorer settings Machine
Do not allow resetting Internet Explorer settings User
Check for signatures on downloaded programs Machine
Check for signatures on downloaded programs User
Allow third-party browser extensions Machine
Allow third-party browser extensions User
Allow Install On Demand (Internet Explorer) Machine
Allow Install On Demand (Internet Explorer) User
Allow Install On Demand (except Internet Explorer) Machine
Allow Install On Demand (except Internet Explorer) User
Automatically check for Internet Explorer updates Machine
Automatically check for Internet Explorer updates User
Allow software to run or install even if the signature is invalid Machine
Allow software to run or install even if the signature is invalid User
Play animations in web pages Machine
Play animations in web pages User
Play sounds in web pages Machine
Play sounds in web pages User
Play videos in web pages Machine
Play videos in web pages User
Turn off Profile Assistant Machine
Turn off Profile Assistant User
Do not save encrypted pages to disk Machine
Do not save encrypted pages to disk User
Empty Temporary Internet Files folder when browser is closed Machine
Empty Temporary Internet Files folder when browser is closed User
Show Content Advisor on Internet Options Machine
Show Content Advisor on Internet Options User
Turn on inline AutoComplete User
Turn off inline AutoComplete in File Explorer User
Go to an intranet site for a one-word entry in the Address bar Machine
Go to an intranet site for a one-word entry in the Address bar User
Turn on script debugging User
Turn off details in messages about Internet connection problems User
Turn off page transitions User
Turn on the display of script errors User
Turn off smooth scrolling User
Turn off configuring underline links User
Subscription Limits User
Disable adding channels User
Disable adding schedules for offline pages User
Disable offline page hit logging User
Disable channel user interface completely User
Disable editing and creating of schedule groups User
Disable editing schedules for offline pages User
Disable removing channels User
Disable removing schedules for offline pages User
Disable all scheduled offline pages User
Disable downloading of site subscription content User
Prevent specifying the code download path for each computer Machine
Prevent choosing default text size User
Disable the Advanced page Machine
Disable the Advanced page User
Disable the Connections page Machine
Disable the Connections page User
Disable the Content page Machine
Disable the Content page User
Disable the General page Machine
Disable the General page User
Disable the Privacy page Machine
Disable the Privacy page User
Disable the Programs page Machine
Disable the Programs page User
Disable the Security page Machine
Disable the Security page User
Send internationalized domain names Machine
Send internationalized domain names User
Use UTF-8 for mailto links Machine
Use UTF-8 for mailto links User
Prevent ignoring certificate errors Machine
Prevent ignoring certificate errors User
Turn off sending URLs as UTF-8 (requires restart) User
Prevent specifying background color User
Prevent specifying text color User
Prevent the use of Windows colors User
Prevent specifying cipher strength update information URLs Machine
Start the Internet Connection Wizard automatically User
Add-on List Machine
Add-on List User
Deny all add-ons unless specifically allowed in the Add-on List Machine
Deny all add-ons unless specifically allowed in the Add-on List User
All Processes Machine
All Processes User
Process List Machine
Process List User
Admin-approved behaviors Machine
Admin-approved behaviors User
Install binaries signed by MD2 and MD4 signing technologies Machine
Install binaries signed by MD2 and MD4 signing technologies User
All Processes User
Internet Explorer Processes Machine
Internet Explorer Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
All Processes User
Process List User
Internet Zone Restricted Protocols Machine
Internet Zone Restricted Protocols User
Intranet Zone Restricted Protocols Machine
Intranet Zone Restricted Protocols User
Local Machine Zone Restricted Protocols Machine
Local Machine Zone Restricted Protocols User
Restricted Sites Zone Restricted Protocols Machine
Restricted Sites Zone Restricted Protocols User
Trusted Sites Zone Restricted Protocols Machine
Trusted Sites Zone Restricted Protocols User
Turn off Crash Detection Machine
Turn off Crash Detection User
Turn off Automatic Crash Recovery Machine
Turn off Automatic Crash Recovery User
Turn off Reopen Last Browsing Session Machine
Turn off Reopen Last Browsing Session User
Do not allow users to enable or disable add-ons Machine
Do not allow users to enable or disable add-ons User
Add a specific list of search providers to the user's list of search providers Machine
Add a specific list of search providers to the user's list of search providers User
Turn on menu bar by default Machine
Turn on menu bar by default User
Turn off Favorites bar Machine
Turn off Favorites bar User
Disable caching of Auto-Proxy scripts User
Disable external branding of Internet Explorer User
Disable changing Advanced page settings User
Customize user agent string Machine
Customize user agent string User
Use Automatic Detection for dial-up connections User
Prevent "Fix settings" functionality Machine
Prevent "Fix settings" functionality User
Prevent managing the phishing filter Machine
Prevent managing the phishing filter User
Turn off Managing SmartScreen Filter for Internet Explorer 8 Machine
Turn off Managing SmartScreen Filter for Internet Explorer 8 User
Prevent managing SmartScreen Filter Machine
Prevent managing SmartScreen Filter User
Prevent bypassing SmartScreen Filter warnings Machine
Prevent bypassing SmartScreen Filter warnings User
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet Machine
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet User
Turn off the Security Settings Check feature Machine
Turn off the Security Settings Check feature User
Position the menu bar above the navigation bar User
Prevent changing pop-up filter level Machine
Prevent changing pop-up filter level User
Display error message on proxy script download failure User
Turn on compatibility logging Machine
Turn on compatibility logging User
Enforce full-screen mode Machine
Enforce full-screen mode User
Disable Import/Export Settings wizard Machine
Disable Import/Export Settings wizard User
Turn off browser geolocation Machine
Turn off browser geolocation User
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects Machine
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects User
Turn off page-zooming functionality Machine
Turn off page-zooming functionality User
Identity Manager: Prevent users from using Identities User
Automatically activate newly installed add-ons Machine
Automatically activate newly installed add-ons User
Turn off add-on performance notifications Machine
Turn off add-on performance notifications User
Turn on ActiveX Filtering Machine
Turn on ActiveX Filtering User
Configure Media Explorer Bar User
Prevent access to Delete Browsing History Machine
Prevent access to Delete Browsing History User
Prevent deleting form data Machine
Prevent deleting form data User
Prevent deleting passwords Machine
Prevent deleting passwords User
Prevent deleting cookies Machine
Prevent deleting cookies User
Prevent deleting websites that the user has visited Machine
Prevent deleting websites that the user has visited User
Prevent deleting download history Machine
Prevent deleting download history User
Prevent deleting temporary Internet files Machine
Prevent deleting temporary Internet files User
Prevent deleting InPrivate Filtering data Machine
Prevent deleting InPrivate Filtering data User
Prevent deleting ActiveX Filtering and Tracking Protection data Machine
Prevent deleting ActiveX Filtering and Tracking Protection data User
Prevent deleting favorites site data Machine
Prevent deleting favorites site data User
Allow deleting browsing history on exit Machine
Allow deleting browsing history on exit User
Prevent running First Run wizard Machine
Prevent running First Run wizard User
Prevent access to Internet Explorer Help Machine
Prevent access to Internet Explorer Help User
Prevent Internet Explorer Search box from appearing Machine
Prevent Internet Explorer Search box from appearing User
Turn off suggestions for all user-installed providers Machine
Turn off suggestions for all user-installed providers User
Turn off the quick pick menu Machine
Turn off the quick pick menu User
Disable Automatic Install of Internet Explorer components Machine
Set tab process growth Machine
Set tab process growth User
Allow Internet Explorer 8 shutdown behavior Machine
Allow Internet Explorer 8 shutdown behavior User
Specify default behavior for a new tab Machine
Specify default behavior for a new tab User
Turn off Tab Grouping User
Turn off Quick Tabs functionality Machine
Turn off Quick Tabs functionality User
Prevent changing the default search provider Machine
Prevent changing the default search provider User
Disable showing the splash screen Machine
Turn off tabbed browsing Machine
Turn off tabbed browsing User
Turn off configuration of pop-up windows in tabbed browsing Machine
Turn off configuration of pop-up windows in tabbed browsing User
Disable Periodic Check for Internet Explorer software updates Machine
Prevent configuration of how windows open Machine
Prevent configuration of how windows open User
Configure Outlook Express User
Pop-up allow list Machine
Pop-up allow list User
Disable changing accessibility settings User
Disable changing Automatic Configuration settings Machine
Disable changing Automatic Configuration settings User
Disable changing Temporary Internet files settings User
Disable changing Calendar and Contact settings User
Disable changing certificate settings User
Disable changing default browser check User
Notify users if Internet Explorer is not the default web browser User
Disable changing color settings User
Disable changing connection settings User
Disable changing connection settings Machine
Disable Internet Connection wizard User
Disable changing font settings User
Disable AutoComplete for forms User
Turn on the auto-complete feature for user names and passwords on forms User
Disable "Configuring History" Machine
Disable "Configuring History" User
Disable changing home page settings User
Disable changing secondary home page settings Machine
Disable changing secondary home page settings User
Disable changing language settings User
Disable changing link color settings User
Disable changing Messaging settings User
Prevent managing pop-up exception list Machine
Prevent managing pop-up exception list User
Turn off pop-up management Machine
Turn off pop-up management User
Disable changing Profile Assistant settings User
Prevent changing proxy settings Machine
Prevent changing proxy settings User
Disable changing ratings settings User
Disable the Reset Web Settings feature User
Prevent the deletion of temporary Internet files and cookies Machine
Prevent the deletion of temporary Internet files and cookies User
Turn off the auto-complete feature for web addresses Machine
Turn off the auto-complete feature for web addresses User
Turn off Windows Search AutoComplete Machine
Turn off Windows Search AutoComplete User
Turn off URL Suggestions Machine
Turn off URL Suggestions User
Search: Disable Find Files via F3 within the browser User
Search: Disable Search Customization User
Security Zones: Use only machine settings Machine
Security Zones: Do not allow users to change policies Machine
Security Zones: Do not allow users to add/delete sites Machine
Disable software update shell notifications on program launch Machine
Restrict search providers to a specific list Machine
Restrict search providers to a specific list User
Prevent participation in the Customer Experience Improvement Program Machine
Prevent participation in the Customer Experience Improvement Program User
Prevent configuration of new tab creation Machine
Prevent configuration of new tab creation User
Make proxy settings per-machine (rather than per-user) Machine
Allow websites to open windows without status bar or Address bar Machine
Allow websites to open windows without status bar or Address bar User
Allow video and animation on a webpage that uses an older media player Machine
Allow video and animation on a webpage that uses an older media player User
Allow scriptlets Machine
Allow scriptlets User
Turn off first-run prompt Machine
Turn off first-run prompt User
Include local path when user is uploading files to a server Machine
Include local path when user is uploading files to a server User
Turn on SmartScreen Filter scan Machine
Turn on SmartScreen Filter scan User
Allow websites to prompt for information by using scripted windows Machine
Allow websites to prompt for information by using scripted windows User
Allow updates to status bar via script Machine
Allow updates to status bar via script User
Turn on Protected Mode Machine
Turn on Protected Mode User
Show security warning for potentially unsafe files Machine
Show security warning for potentially unsafe files User
Allow loading of XAML Browser Applications Machine
Allow loading of XAML Browser Applications User
Allow scripting of Internet Explorer WebBrowser controls Machine
Allow scripting of Internet Explorer WebBrowser controls User
Turn off .NET Framework Setup Machine
Turn off .NET Framework Setup User
Allow loading of XAML files Machine
Allow loading of XAML files User
Allow loading of XPS files Machine
Allow loading of XPS files User
Access data sources across domains Machine
Access data sources across domains User
Allow active scripting Machine
Allow active scripting User
Allow only approved domains to use ActiveX controls without prompt Machine
Allow only approved domains to use ActiveX controls without prompt User
Allow META REFRESH Machine
Allow META REFRESH User
Allow cut, copy or paste operations from the clipboard via script Machine
Allow cut, copy or paste operations from the clipboard via script User
Allow binary and script behaviors Machine
Allow binary and script behaviors User
Use Pop-up Blocker Machine
Use Pop-up Blocker User
Display mixed content Machine
Display mixed content User
Download signed ActiveX controls Machine
Download signed ActiveX controls User
Download unsigned ActiveX controls Machine
Download unsigned ActiveX controls User
Allow drag and drop or copy and paste files Machine
Allow drag and drop or copy and paste files User
Render legacy filters Machine
Render legacy filters User
Allow file downloads Machine
Allow file downloads User
Allow font downloads Machine
Allow font downloads User
Allow installation of desktop items Machine
Allow installation of desktop items User
Java permissions Machine
Java permissions User
Launching applications and files in an IFRAME Machine
Launching applications and files in an IFRAME User
Logon options Machine
Logon options User
Enable MIME Sniffing Machine
Enable MIME Sniffing User
Enable dragging of content from different domains within a window Machine
Enable dragging of content from different domains within a window User
Enable dragging of content from different domains across windows Machine
Enable dragging of content from different domains across windows User
Navigate windows and frames across different domains Machine
Navigate windows and frames across different domains User
Allow active content over restricted protocols to access my computer Machine
Allow active content over restricted protocols to access my computer User
Do not prompt for client certificate selection when no certificates or only one certificate exists. Machine
Do not prompt for client certificate selection when no certificates or only one certificate exists. User
Automatic prompting for ActiveX controls Machine
Automatic prompting for ActiveX controls User
Automatic prompting for file downloads Machine
Automatic prompting for file downloads User
Run ActiveX controls and plugins Machine
Run ActiveX controls and plugins User
Script ActiveX controls marked safe for scripting Machine
Script ActiveX controls marked safe for scripting User
Initialize and script ActiveX controls not marked as safe Machine
Initialize and script ActiveX controls not marked as safe User
Scripting of Java applets Machine
Scripting of Java applets User
Run .NET Framework-reliant components signed with Authenticode Machine
Run .NET Framework-reliant components signed with Authenticode User
Software channel permissions Machine
Software channel permissions User
Submit non-encrypted form data Machine
Submit non-encrypted form data User
Turn on Cross-Site Scripting Filter Machine
Turn on Cross-Site Scripting Filter User
Run .NET Framework-reliant components not signed with Authenticode Machine
Run .NET Framework-reliant components not signed with Authenticode User
Userdata persistence Machine
Userdata persistence User
Allow script-initiated windows without size or position constraints Machine
Allow script-initiated windows without size or position constraints User
Web sites in less privileged Web content zones can navigate into this zone Machine
Web sites in less privileged Web content zones can navigate into this zone User
Logon options User
Logon options User
Logon options User
Logon options User
Logon options User
Logon options User
Logon options User
Intranet Sites: Include all local (intranet) sites not listed in other zones Machine
Intranet Sites: Include all local (intranet) sites not listed in other zones User
Turn on certificate address mismatch warning Machine
Turn on certificate address mismatch warning User
Locked-Down Internet Zone Template Machine
Locked-Down Internet Zone Template User
Internet Zone Template Machine
Internet Zone Template User
Locked-Down Intranet Zone Template Machine
Locked-Down Intranet Zone Template User
Intranet Zone Template Machine
Intranet Zone Template User
Locked-Down Local Machine Zone Template Machine
Locked-Down Local Machine Zone Template User
Local Machine Zone Template Machine
Local Machine Zone Template User
Locked-Down Restricted Sites Zone Template Machine
Locked-Down Restricted Sites Zone Template User
Restricted Sites Zone Template Machine
Restricted Sites Zone Template User
Locked-Down Trusted Sites Zone Template Machine
Locked-Down Trusted Sites Zone Template User
Trusted Sites Zone Template Machine
Trusted Sites Zone Template User
Intranet Sites: Include all sites that bypass the proxy server Machine
Intranet Sites: Include all sites that bypass the proxy server User
Intranet Sites: Include all network paths (UNCs) Machine
Intranet Sites: Include all network paths (UNCs) User
Site to Zone Assignment List Machine
Site to Zone Assignment List User
Turn on automatic detection of intranet Machine
Turn on automatic detection of intranet User
Turn on Notification bar notification for intranet content Machine
Turn on Notification bar notification for intranet content User
Logon options User
Logon options User
Prevent specifying the hover color User
Prevent specifying the color of links that have not yet been clicked User
Prevent specifying the color of links that have already been clicked User
Turn on the hover color option User
File menu: Disable closing the browser and Explorer windows User
File menu: Disable Save As... menu option User
File menu: Disable Save As Web Page Complete User
File menu: Disable New menu option User
File menu: Disable Open menu option User
Help menu: Remove 'Send Feedback' menu option User
Help menu: Remove 'For Netscape Users' menu option User
Help menu: Remove 'Tip of the Day' menu option User
Help menu: Remove 'Tour' menu option User
Turn off Shortcut Menu User
Hide Favorites menu User
Disable Open in New Window menu option User
Disable Save this program to disk option User
Turn off Print Menu Machine
Turn off Print Menu User
Tools menu: Disable Internet Options... menu option User
View menu: Disable Full Screen menu option User
View menu: Disable Source menu option User
Turn off automatic image resizing User
Turn off image display User
Allow Internet Explorer to play media files that use alternative codecs Machine
Allow Internet Explorer to play media files that use alternative codecs User
Allow the display of image download placeholders User
Turn off smart image dithering User
File size limits for Local Machine zone User
File size limits for Intranet zone User
File size limits for Trusted Sites zone User
File size limits for Internet zone User
File size limits for Restricted Sites zone User
Turn on printing of background colors and images User
Turn off background synchronization for feeds and Web Slices Machine
Turn off background synchronization for feeds and Web Slices User
Prevent downloading of enclosures Machine
Prevent downloading of enclosures User
Prevent subscribing to or deleting a feed or a Web Slice Machine
Prevent subscribing to or deleting a feed or a Web Slice User
Prevent automatic discovery of feeds and Web Slices Machine
Prevent automatic discovery of feeds and Web Slices User
Prevent access to feed list Machine
Prevent access to feed list User
Turn on Basic feed authentication over HTTP Machine
Turn on Basic feed authentication over HTTP User
Bypass prompting for Clipboard access for scripts running in any process Machine
Bypass prompting for Clipboard access for scripts running in any process User
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process Machine
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process User
Define applications and processes that can access the Clipboard without prompting Machine
Define applications and processes that can access the Clipboard without prompting User
Prevent configuration of search on Address bar Machine
Prevent configuration of search on Address bar User
Prevent configuration of top-result search on Address bar Machine
Prevent configuration of top-result search on Address bar User
Allow native XMLHTTP support Machine
Allow native XMLHTTP support User
Turn off Data URI support Machine
Turn off Data URI support User
Turn off Data Execution Prevention Machine
Do not display the reveal password button Machine
Do not display the reveal password button User
Change the maximum number of connections per host (HTTP 1.1) Machine
Change the maximum number of connections per host (HTTP 1.1) User
Maximum number of connections per server (HTTP 1.0) Machine
Maximum number of connections per server (HTTP 1.0) User
Turn off cross-document messaging Machine
Turn off cross-document messaging User
Turn off the XDomainRequest object Machine
Turn off the XDomainRequest object User
Turn off the WebSocket Object Machine
Turn off the WebSocket Object User
Set the maximum number of WebSocket connections per server Machine
Set the maximum number of WebSocket connections per server User
Turn on automatic signup User
Turn off toolbar upgrade tool Machine
Turn off toolbar upgrade tool User
Turn off Developer Tools Machine
Turn off Developer Tools User
Disable customizing browser toolbars User
Disable customizing browser toolbar buttons User
Configure Toolbar Buttons User
Hide the Command bar Machine
Hide the Command bar User
Hide the status bar Machine
Hide the status bar User
Lock all toolbars Machine
Lock all toolbars User
Lock location of Stop and Refresh buttons Machine
Lock location of Stop and Refresh buttons User
Customize command labels Machine
Customize command labels User
Use large icons for command buttons Machine
Use large icons for command buttons User
Display tabs on a separate row Machine
Display tabs on a separate row User
Prevent specifying the update check interval (in days) Machine
Prevent changing the URL for checking updates to Internet Explorer and Internet Tools Machine
Turn off ActiveX Opt-In prompt Machine
Turn off ActiveX Opt-In prompt User
Prevent per-user installation of ActiveX controls Machine
Prevent per-user installation of ActiveX controls User
Specify use of ActiveX Installer Service for installation of ActiveX controls Machine
Specify use of ActiveX Installer Service for installation of ActiveX controls User
Turn on Suggested Sites Machine
Turn on Suggested Sites User
Turn off InPrivate Browsing Machine
Turn off InPrivate Browsing User
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Machine
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts User
Turn off collection of InPrivate Filtering data Machine
Turn off collection of InPrivate Filtering data User
Establish InPrivate Filtering threshold Machine
Establish InPrivate Filtering threshold User
Turn off InPrivate Filtering Machine
Turn off InPrivate Filtering User
Establish Tracking Protection threshold Machine
Establish Tracking Protection threshold User
Turn off Tracking Protection Machine
Turn off Tracking Protection User
Add non-default Accelerators User
Add non-default Accelerators Machine
Add default Accelerators User
Add default Accelerators Machine
Turn off Accelerators Machine
Turn off Accelerators User
Restrict Accelerators to those deployed through Group Policy Machine
Restrict Accelerators to those deployed through Group Policy User
Turn on Internet Explorer 7 Standards Mode Machine
Turn on Internet Explorer 7 Standards Mode User
Turn off Compatibility View Machine
Turn off Compatibility View User
Turn on Internet Explorer Standards Mode for local intranet Machine
Turn on Internet Explorer Standards Mode for local intranet User
Turn off Compatibility View button Machine
Turn off Compatibility View button User
Use Policy List of Internet Explorer 7 sites Machine
Use Policy List of Internet Explorer 7 sites User
Use Policy List of Quirks Mode sites Machine
Use Policy List of Quirks Mode sites User
Include updated website lists from Microsoft Machine
Include updated website lists from Microsoft User
Turn off ability to pin sites in Internet Explorer on the desktop Machine
Turn off ability to pin sites in Internet Explorer on the desktop User
Set default storage limits for websites Machine
Set default storage limits for websites User
Allow websites to store indexed databases on client computers Machine
Allow websites to store indexed databases on client computers User
Set indexed database storage limits for individual domains Machine
Set indexed database storage limits for individual domains User
Set maximum indexed database storage limit for all domains Machine
Set maximum indexed database storage limit for all domains User
Allow websites to store application caches on client computers Machine
Allow websites to store application caches on client computers User
Set application cache storage limits for individual domains Machine
Set application cache storage limits for individual domains User
Set maximum application caches storage limit for all domains Machine
Set maximum application caches storage limit for all domains User
Set application caches expiration time limit for individual domains Machine
Set application caches expiration time limit for individual domains User
Set maximum application cache resource list size Machine
Set maximum application cache resource list size User
Set maximum application cache individual resource size Machine
Set maximum application cache individual resource size User
Start Internet Explorer with tabs from last browsing session Machine
Start Internet Explorer with tabs from last browsing session User
Open Internet Explorer tiles on the desktop Machine
Open Internet Explorer tiles on the desktop User
Set how links are opened in Internet Explorer Machine
Set how links are opened in Internet Explorer User
Install new versions of Internet Explorer automatically Machine
Turn off handwriting recognition error reporting User
Turn off handwriting recognition error reporting Machine
Do not allow manual configuration of iSNS servers Machine
Do not allow manual configuration of target portals Machine
Do not allow manual configuration of discovered targets Machine
Do not allow adding new targets via manual configuration Machine
Do not allow changes to initiator iqn name Machine
Do not allow additional session logins Machine
Do not allow changes to initiator CHAP secret Machine
Do not allow connections without IPSec Machine
Do not allow sessions without mutual CHAP Machine
Do not allow sessions without one way CHAP Machine
Provide information about previous logons to client computers Machine
Use forest search order Machine
KDC support for claims, compound authentication and Kerberos armoring Machine
Warning for large Kerberos tickets Machine
Define host name-to-Kerberos realm mappings Machine
Define interoperable Kerberos V5 realm settings Machine
Require strict KDC validation Machine
Use forest search order Machine
Require strict target SPN match on remote procedure calls Machine
Specify KDC proxy servers for Kerberos clients Machine
Disable revocation checking for the SSL certificate of KDC proxy servers Machine
Fail authentication requests when Kerberos armoring is not available Machine
Support compound authentication Machine
Set maximum Kerberos SSPI context token buffer size Machine
Kerberos client support for claims, compound authentication and Kerberos armoring Machine
Hash Publication for BranchCache Machine
Hash Version support for BranchCache Machine
Turn on Mapper I/O (LLTDIO) driver Machine
Turn on Responder (RSPNDR) driver Machine
Turn off Windows Location Provider Machine
Do not process the legacy run list User
Do not process the legacy run list Machine
Do not process the run once list User
Do not process the run once list Machine
Always use classic logon Machine
Do not display the Getting Started welcome screen at logon Machine
Run these programs at user logon User
Run these programs at user logon Machine
Always wait for the network at computer startup and logon Machine
Remove Boot / Shutdown / Logon / Logoff status messages Machine
Do not display the Getting Started welcome screen at logon User
Display highly detailed status messages Machine
Hide entry points for Fast User Switching Machine
Turn off Windows Startup sound Machine
Show first sign-in animation Machine
Always use custom logon background Machine
Do not enumerate connected users on domain-joined computers Machine
Enumerate local users on domain-joined computers Machine
Turn off app notifications on the lock screen Machine
Do not allow Windows Media Center to run User
Do not allow Windows Media Center to run Machine
Restrict the user from entering author mode User
Restrict users to the explicitly permitted list of snap-ins User
Extended View (Web View) User
ActiveX Control User
Link to Web Address User
AppleTalk Routing User
Authorization Manager User
Certification Authority Policy Settings User
Connection Sharing (NAT) User
DCOM Configuration Extension User
Device Manager User
DHCP Relay Management User
Enterprise PKI User
Event Viewer User
Event Viewer (Windows Vista) User
IAS Logging User
IGMP Routing User
IP Routing User
IPX RIP Routing User
IPX Routing User
IPX SAP Routing User
Logical and Mapped Drives User
Online Responder User
OSPF Routing User
Public Key Policies User
RAS Dialin - User Node User
Remote Access User
Removable Storage User
RIP Routing User
Routing User
Send Console Message User
Service Dependencies User
Shared Folders Ext User
SMTP Protocol User
SNMP User
System Properties User
Group Policy Management User
Group Policy Object Editor User
Group Policy tab for Active Directory Tools User
Resultant Set of Policy snap-in User
Administrative Templates (Computers) User
Administrative Templates (Users) User
Folder Redirection User
Internet Explorer Maintenance User
IP Security Policy Management User
Windows Firewall with Advanced Security User
NAP Client Configuration User
Remote Installation Services User
Scripts (Startup/Shutdown) User
Scripts (Logon/Logoff) User
Security Settings User
Software Installation (Computers) User
Software Installation (Users) User
Wired Network (IEEE 802.3) Policies User
Wireless Network (IEEE 802.11) Policies User
Administrative Templates (Computers) User
Administrative Templates (Users) User
Folder Redirection User
Internet Explorer Maintenance User
Scripts (Startup/Shutdown) User
Scripts (Logon/Logoff) User
Security Settings User
Software Installation (Computers) User
Software Installation (Users) User
Active Directory Domains and Trusts User
Active Directory Sites and Services User
Active Directory Users and Computers User
ADSI Edit User
Certification Authority User
Certificates User
Certificate Templates User
Component Services User
Computer Management User
Device Manager User
Distributed File System User
Disk Defragmenter User
Disk Management User
Event Viewer User
Event Viewer (Windows Vista) User
Failover Clusters Manager User
FAX Service User
FrontPage Server Extensions User
Health Registration Authority (HRA) User
Internet Authentication Service (IAS) User
Internet Information Services User
Indexing Service User
IP Security Policy Management User
IP Security Monitor User
Local Users and Groups User
NAP Client Configuration User
.Net Framework Configuration User
Network Policy Server (NPS) User
Performance Logs and Alerts User
QoS Admission Control User
Remote Desktops User
Routing and Remote Access User
Removable Storage Management User
Security Configuration and Analysis User
Security Templates User
Server Manager User
Services User
Shared Folders User
System Information User
Telephony User
Remote Desktop Services Configuration User
TPM Management User
Windows Firewall with Advanced Security User
Wireless Monitor User
WMI Control User
Group Policy Starter GPO Editor User
Group Policy Management Editor User
Storage Manager for SANs User
Storage Manager for SANS Extension User
Disk Management Extension User
Share and Storage Management User
Share and Storage Management Extension User
DFS Management User
DFS Management Extension User
File Server Resource Manager User
File Server Resource Manager Extension User
Turn off Windows Mobility Center User
Turn off Windows Mobility Center Machine
Turn off Windows presentation settings User
Turn off Windows presentation settings Machine
Automatic Maintenance Activation Boundary Machine
Automatic Maintenance Random Delay Machine
Automatic Maintenance WakeUp Policy Machine
Microsoft Support Diagnostic Tool: Configure execution level Machine
Microsoft Support Diagnostic Tool: Restrict tool download Machine
Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider Machine
Configure MSI Corrupted File Recovery behavior Machine
Allow users to browse for source while elevated Machine
Allow users to use media source while elevated Machine
Allow users to patch elevated products Machine
Always install with elevated privileges User
Always install with elevated privileges Machine
Prohibit use of Restart Manager Machine
Remove browse dialog box for new source Machine
Prohibit flyweight patching Machine
Turn off logging via package settings Machine
Prevent removable media source for any installation User
Turn off Windows Installer Machine
Prevent users from using Windows Installer to install updates and upgrades Machine
Prohibit rollback User
Prohibit rollback Machine
Allow user control over installs Machine
Prohibit non-administrators from applying vendor signed updates Machine
Prohibit removal of updates Machine
Turn off creation of System Restore checkpoints Machine
Prohibit User Installs Machine
Enforce upgrade component rules Machine
Control maximum size of baseline file cache Machine
Specify the types of events Windows Installer records in its transaction log Machine
Prevent Internet Explorer security prompt for Windows Installer scripts Machine
Specify the order in which Windows Installer searches for installation files User
Save copies of transform files in a secure location on workstation Machine
Turn off shared components Machine
Prevent embedded UI Machine
Allow the Network Access Protection client to support the 802.1x Enforcement Client component Machine
Support Email Address Machine
Friendly Name Machine
User Interface Machine
Prefer Local Names Allowed Machine
DirectAccess Passive Mode Machine
Corporate Resources Machine
IPsec Tunnel Endpoints Machine
Custom Commands Machine
Specify corporate Website probe URL Machine
Specify corporate DNS probe host name Machine
Specify corporate DNS probe host address Machine
Specify corporate site prefix list Machine
Specify domain location determination URL Machine
Specify passive polling Machine
Contact PDC on logon failure Machine
Use initial DC discovery retry setting for background callers Machine
Use maximum DC discovery retry interval setting for background callers Machine
Use final DC discovery retry setting for background callers Machine
Use positive periodic DC cache refresh for background callers Machine
Specify log file debug output level Machine
Specify expected dial-up delay on logon Machine
Specify maximum log file size Machine
Specify negative DC Discovery cache setting Machine
Set Netlogon share compatibility Machine
Specify positive periodic DC Cache refresh for non-background callers Machine
Set scavenge interval Machine
Specify site name Machine
Set SYSVOL share compatibility Machine
Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC Machine
Use automated site coverage by the DC Locator DNS SRV Records Machine
Specify DC Locator DNS records not registered by the DCs Machine
Specify Refresh Interval of the DC Locator DNS records Machine
Set TTL in the DC Locator DNS Records Machine
Specify sites covered by the GC Locator DNS SRV Records Machine
Set Priority in the DC Locator DNS SRV records Machine
Set Weight in the DC Locator DNS SRV records Machine
Specify sites covered by the application directory partition DC Locator DNS SRV records Machine
Specify sites covered by the DC Locator DNS SRV records Machine
Specify dynamic registration of the DC Locator DNS Records Machine
Try Next Closest Site Machine
Force Rediscovery Interval Machine
Return domain controller address type Machine
Allow cryptography algorithms compatible with Windows NT 4.0 Machine
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names Machine
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails Machine
Specify address lookup behavior for DC locator ping Machine
Use urgent mode when pinging domain controllers Machine
Prohibit adding and removing components for a LAN or remote access connection User
Prohibit access to the Advanced Settings item on the Advanced menu User
Prohibit TCP/IP advanced configuration User
Prohibit installation and configuration of Network Bridge on your DNS domain network Machine
Prohibit Enabling/Disabling components of a LAN connection User
Ability to delete all user remote access connections User
Prohibit deletion of remote access connections User
Prohibit access to the Remote Access Preferences item on the Advanced menu User
Enable Windows 2000 Network Connections settings for Administrators User
Turn off notifications when a connection has only limited or no connectivity User
Prohibit access to properties of components of a LAN connection User
Ability to Enable/Disable a LAN connection User
Prohibit access to properties of a LAN connection User
Prohibit access to the New Connection Wizard User
Prohibit use of Internet Connection Firewall on your DNS domain network Machine
Ability to change properties of an all user remote access connection User
Prohibit access to properties of components of a remote access connection User
Prohibit connecting and disconnecting a remote access connection User
Prohibit changing properties of a private remote access connection User
Ability to rename all user remote access connections User
Ability to rename LAN connections or remote access connections available to all users User
Ability to rename LAN connections User
Prohibit renaming private remote access connections User
Prohibit use of Internet Connection Sharing on your DNS domain network Machine
Prohibit viewing of status for an active connection User
Require domain users to elevate when setting a network's location Machine
Do not show the "local access only" network icon Machine
Route all traffic through the internal network Machine
Internet proxy servers for apps Machine
Intranet proxy servers for apps Machine
Private network ranges for apps Machine
Proxy definitions are authoritative Machine
Subnet definitions are authoritative Machine
Turn off Connect to a Network Projector User
Turn off Connect to a Network Projector Machine
Network Projector Port Setting Machine
Subfolders always available offline Machine
Specify administratively assigned Offline Files User
Specify administratively assigned Offline Files Machine
Non-default server disconnect actions User
Non-default server disconnect actions Machine
Default cache size Machine
Allow or Disallow use of the Offline Files feature Machine
Encrypt the Offline Files cache Machine
Event logging level User
Event logging level Machine
Files not cached Machine
Action on server disconnect User
Action on server disconnect Machine
Prevent use of Offline Files folder User
Prevent use of Offline Files folder Machine
Prohibit user configuration of Offline Files User
Prohibit user configuration of Offline Files Machine
Remove "Make Available Offline" command User
Remove "Make Available Offline" command Machine
Remove "Make Available Offline" for these files and folders User
Remove "Make Available Offline" for these files and folders Machine
Turn off reminder balloons User
Turn off reminder balloons Machine
At logoff, delete local copy of users offline files Machine
Reminder balloon frequency User
Reminder balloon frequency Machine
Initial reminder balloon lifetime User
Initial reminder balloon lifetime Machine
Reminder balloon lifetime User
Reminder balloon lifetime Machine
Configure Slow link speed Machine
Synchronize all offline files before logging off User
Synchronize all offline files before logging off Machine
Synchronize all offline files when logging on User
Synchronize all offline files when logging on Machine
Synchronize offline files before suspend User
Synchronize offline files before suspend Machine
Turn on economical application of administratively assigned Offline Files Machine
Configure slow-link mode Machine
Limit disk space used by Offline Files Machine
Configure Background Sync Machine
Enable Transparent Caching Machine
Enable file screens Machine
Remove "Work offline" command User
Remove "Work offline" command Machine
Enable file synchronization on costed networks Machine
Turn off Microsoft Peer-to-Peer Networking Services Machine
Turn off Multicast Bootstrap Machine
Turn off PNRP cloud creation Machine
Set PNRP cloud to resolve only Machine
Set the Seed Server Machine
Disable password strength validation for Peer Grouping Machine
Make Family Safety control panel visible on a Domain Machine
Detect compatibility issues for applications and drivers Machine
Detect application install failures Machine
Detect applications unable to launch installers under UAC Machine
Detect application failures caused by deprecated Windows DLLs Machine
Detect application failures caused by deprecated COM objects Machine
Detect application installers that need to be run as administrator Machine
Notify blocked drivers Machine
Turn on BranchCache Machine
Set percentage of disk space used for client computer cache Machine
Set BranchCache Hosted Cache mode Machine
Set BranchCache Distributed Cache mode Machine
Configure BranchCache for network files Machine
Enable Automatic Hosted Cache Discovery by Service Connection Point Machine
Configure Client BranchCache Version Support Machine
Configure Hosted Cache Servers Machine
Set age for segments in the data cache Machine
Turn off Tablet PC Pen Training User
Turn off Tablet PC Pen Training Machine
Turn off access to the performance center core section Machine
Turn off access to the performance center core section User
Turn off access to the solutions to performance problems section Machine
Turn off access to the solutions to performance problems section User
Turn off access to the OEM and Microsoft branding section Machine
Turn off access to the OEM and Microsoft branding section User
Enable/Disable PerfTrack Machine
Critical battery notification action Machine
Low battery notification action Machine
Critical battery notification level Machine
Low battery notification level Machine
Turn off low battery user notification Machine
Select the Power button action (plugged in) Machine
Select the Sleep button action (plugged in) Machine
Select the lid switch action (plugged in) Machine
Select the Start menu Power button action (plugged in) Machine
Select the Power button action (on battery) Machine
Select the Sleep button action (on battery) Machine
Select the lid switch action (on battery) Machine
Select the Start menu Power button action (on battery) Machine
Turn Off the hard disk (plugged in) Machine
Turn Off the hard disk (on battery) Machine
Specify a custom active power plan Machine
Select an active power plan Machine
Prompt for password on resume from hibernate/suspend User
Turn on the ability for applications to prevent sleep transitions (plugged in) Machine
Specify the system hibernate timeout (plugged in) Machine
Require a password when a computer wakes (plugged in) Machine
Specify the system sleep timeout (plugged in) Machine
Turn off hybrid sleep (plugged in) Machine
Turn on the ability for applications to prevent sleep transitions (on battery) Machine
Specify the system hibernate timeout (on battery) Machine
Require a password when a computer wakes (on battery) Machine
Specify the system sleep timeout (on battery) Machine
Turn off hybrid sleep (on battery) Machine
Turn off adaptive display timeout (plugged in) Machine
Turn off adaptive display timeout (on battery) Machine
Turn off the display (plugged in) Machine
Turn off the display (on battery) Machine
Allow standby states (S1-S3) when sleeping (plugged in) Machine
Allow standby states (S1-S3) when sleeping (on battery) Machine
Do not turn off system power after a Windows system shutdown has occurred. Machine
Allow automatic sleep with Open Network Files (plugged in) Machine
Allow automatic sleep with Open Network Files (on battery) Machine
Reduce display brightness (plugged in) Machine
Reduce display brightness (on battery) Machine
Specify the display dim brightness (plugged in) Machine
Specify the display dim brightness (on battery) Machine
Turn on desktop background slideshow (plugged in) Machine
Turn on desktop background slideshow (on battery) Machine
Specify the unattended sleep timeout (plugged in) Machine
Specify the unattended sleep timeout (on battery) Machine
Allow applications to prevent automatic sleep (plugged in) Machine
Allow applications to prevent automatic sleep (on battery) Machine
Reserve battery notification level Machine
Turn on Script Execution Machine
Turn on Script Execution User
Turn on Module Logging Machine
Turn on Module Logging User
Set the default source path for Update-Help Machine
Set the default source path for Update-Help User
Prevent restoring previous versions from backups User
Prevent restoring previous versions from backups Machine
Hide previous versions list for local files User
Hide previous versions list for local files Machine
Prevent restoring local previous versions User
Prevent restoring local previous versions Machine
Hide previous versions list for remote files User
Hide previous versions list for remote files Machine
Prevent restoring remote previous versions User
Prevent restoring remote previous versions Machine
Hide previous versions of files on backup location User
Hide previous versions of files on backup location Machine
Activate Internet printing Machine
Isolate print drivers from applications Machine
Custom support URL in the Printers folder's left pane Machine
Add Printer wizard - Network scan page (Managed network) Machine
Browse the network to find printers User
Always render print jobs on the server Machine
Always rasterize content to be printed using a software rasterizer Machine
Browse a common web site to find printers User
Disallow installation of printers using kernel-mode drivers Machine
Prevent addition of printers User
Prevent deletion of printers User
Add Printer wizard - Network scan page (Unmanaged network) Machine
Only use Package Point and print User
Package Point and print - Approved servers User
Only use Package Point and print Machine
Package Point and print - Approved servers Machine
Computer location Machine
Pre-populate printer search location text Machine
Point and Print Restrictions User
Point and Print Restrictions Machine
Default Active Directory path when searching for printers User
Printer browsing Machine
Execute print drivers in isolated processes Machine
Override print driver execution compatibility setting reported by print driver Machine
Extend Point and Print connection to search Windows Update Machine
Do not allow v4 printer drivers to show printer extensions Machine
Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps) Machine
Allow Print Spooler to accept client connections Machine
Automatically publish new printers in Active Directory Machine
Prune printers that are not automatically republished Machine
Directory pruning interval Machine
Directory pruning priority Machine
Directory pruning retry Machine
Log directory pruning retry events Machine
Allow printers to be published Machine
Check published state Machine
Allow pruning of published printers Machine
Hide the Programs Control Panel User
Hide "Programs and Features" page User
Hide "Installed Updates" page User
Hide "Set Program Access and Computer Defaults" page User
Hide "Windows Marketplace" User
Hide "Get Programs" page User
Hide "Windows Features" User
Turn on extensive logging for Password Synchronization Machine
Set the number of synchronization retries for servers running Password Synchronization Machine
Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory Machine
Set the interval between synchronization retries for Password Synchronization Machine
Best effort service type Machine
Controlled load service type Machine
Guaranteed service type Machine
Network control service type Machine
Qualitative service type Machine
Limit outstanding packets Machine
Limit reservable bandwidth Machine
Set timer resolution Machine
Non-conforming packets Machine
Configure Reliability WMI Providers Machine
Allow restore of system to default state Machine
Enable Persistent Time Stamp Machine
Report unplanned shutdown events Machine
Activate Shutdown Event Tracker System State Data feature Machine
Display Shutdown Event Tracker Machine
Turn on session logging Machine
Allow only Windows Vista or later connections Machine
Turn on bandwidth optimization Machine
Customize warning messages Machine
Configure Solicited Remote Assistance Machine
Configure Offer Remote Assistance Machine
Set time (in seconds) to force reboot User
Set time (in seconds) to force reboot Machine
CD and DVD: Deny read access User
CD and DVD: Deny read access Machine
CD and DVD: Deny write access User
CD and DVD: Deny write access Machine
CD and DVD: Deny execute access Machine
Custom Classes: Deny read access User
Custom Classes: Deny read access Machine
Custom Classes: Deny write access User
Custom Classes: Deny write access Machine
Floppy Drives: Deny read access User
Floppy Drives: Deny read access Machine
Floppy Drives: Deny write access User
Floppy Drives: Deny write access Machine
Floppy Drives: Deny execute access Machine
Removable Disks: Deny read access User
Removable Disks: Deny read access Machine
Removable Disks: Deny write access User
Removable Disks: Deny write access Machine
Removable Disks: Deny execute access Machine
All Removable Storage classes: Deny all access User
All Removable Storage classes: Deny all access Machine
Tape Drives: Deny read access User
Tape Drives: Deny read access Machine
Tape Drives: Deny write access User
Tape Drives: Deny write access Machine
Tape Drives: Deny execute access Machine
WPD Devices: Deny read access User
WPD Devices: Deny read access Machine
WPD Devices: Deny write access User
WPD Devices: Deny write access Machine
All Removable Storage: Allow direct access in remote sessions Machine
Enable RPC Endpoint Mapper Client Authentication Machine
Propagate extended error information Machine
Ignore Delegation Failure Machine
Set Minimum Idle Connection Timeout for RPC/HTTP connections Machine
Restrict Unauthenticated RPC clients Machine
Maintain RPC Troubleshooting State Information Machine
Specify maximum wait time for Group Policy scripts Machine
Run legacy logon scripts hidden User
Display instructions in logoff scripts as they run User
Run logon scripts synchronously User
Run logon scripts synchronously Machine
Display instructions in logon scripts as they run User
Run Windows PowerShell scripts first at computer startup, shutdown Machine
Run Windows PowerShell scripts first at user logon, logoff Machine
Run Windows PowerShell scripts first at user logon, logoff User
Display instructions in shutdown scripts as they run Machine
Run startup scripts asynchronously Machine
Display instructions in startup scripts as they run Machine
Allow logon scripts when NetBIOS or WINS is disabled Machine
Configure Security Policy for Scripted Diagnostics Machine
Troubleshooting: Allow users to access and run Troubleshooting Wizards Machine
Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) Machine
Configure Scheduled Maintenance Behavior Machine
Prevent adding UNC locations to index from Control Panel Machine
Prevent adding UNC locations to index from Control Panel User
Allow indexing of encrypted files Machine
Disable indexer backoff Machine
Prevent clients from querying the index remotely Machine
Prevent indexing when running on battery power to conserve energy Machine
Prevent customization of indexed locations in Control Panel Machine
Prevent customization of indexed locations in Control Panel User
Allow use of diacritics Machine
Always use automatic language detection when indexing content and properties Machine
Prevent automatically adding shared folders to the Windows Search index Machine
Prevent adding user-specified locations to the All Locations menu Machine
Prevent the display of advanced indexing options for Windows Search in the Control Panel Machine
Prevent indexing files in offline files cache Machine
Enable indexing uncached Exchange folders Machine
Enable indexing of online delegate mailboxes Machine
Enable throttling for online mail indexing Machine
Prevent indexing Microsoft Office Outlook Machine
Prevent indexing e-mail attachments Machine
Control rich previews for attachments Machine
Prevent indexing public folders Machine
Indexer data location Machine
Add primary intranet search location Machine
Add secondary intranet search locations Machine
Preview pane location Machine
Set large or small icon view in desktop search results Machine
Stop indexing in the event of limited hard drive space Machine
Prevent unwanted iFilters and protocol handlers Machine
Do not allow web search Machine
Prevent indexing certain paths Machine
Prevent indexing certain paths User
Default indexed paths Machine
Default indexed paths User
Default excluded paths Machine
Default excluded paths User
Prevent indexing of certain file types Machine
Turn off storage and display of search history User
Select OCR languages from a code page Machine
Force TIFF IFilter to perform OCR for every page in a TIFF document Machine
Turn on Security Center (Domain PCs only) Machine
Turn off sensors User
Turn off sensors Machine
Turn off location User
Turn off location Machine
Turn off location scripting User
Turn off location scripting Machine
Do not display Server Manager automatically at logon Machine
Configure the refresh interval for Server Manager Machine
Do not display Initial Configuration Tasks window automatically at logon Machine
Do not display Manage Your Server page at logon Machine
Specify settings for optional component installation and component repair Machine
Do not sync Machine
Do not sync app settings Machine
Do not sync passwords Machine
Do not sync personalize Machine
Do not sync other Windows settings Machine
Do not sync desktop personalization Machine
Do not sync browser settings Machine
Do not sync on metered connections Machine
Specify Windows Service Pack installation file location Machine
Specify Windows installation file location Machine
Turn off handwriting personalization data sharing Machine
Turn off handwriting personalization data sharing User
Allow DFS roots to be published User
Allow shared folders to be published User
Prevent users from sharing files within their profile. User
Prevent the computer from joining a homegroup Machine
Prevent access to the command prompt User
Prevent access to registry editing tools User
Run only specified Windows applications User
Don't run specified Windows applications User
Do not display the Welcome Center at user logon User
Turn off desktop gadgets User
Turn off desktop gadgets Machine
Restrict unpacking and installation of gadgets that are not digitally signed. User
Restrict unpacking and installation of gadgets that are not digitally signed. Machine
Turn Off user-installed desktop gadgets User
Turn Off user-installed desktop gadgets Machine
Delete data from devices running Microsoft firmware when a user logs off from the computer. User
Delete data from devices running Microsoft firmware when a user logs off from the computer. Machine
Turn off Windows SideShow User
Turn off Windows SideShow Machine
Turn off automatic wake User
Turn off automatic wake Machine
Require a PIN to access data on devices running Microsoft firmware User
Require a PIN to access data on devices running Microsoft firmware Machine
Allow certificates with no extended key usage certificate attribute Machine
Allow Integrated Unblock screen to be displayed at the time of logon Machine
Filter duplicate logon certificates Machine
Force the reading of all certificates from the smart card Machine
Allow signature keys valid for Logon Machine
Allow time invalid certificates Machine
Turn on certificate propagation from smart card Machine
Configure root certificate clean up Machine
Turn on root certificate propagation from smart card Machine
Display string when smart card is blocked Machine
Reverse the subject name stored in a certificate when displaying Machine
Prevent plaintext PINs from being returned by Credential Manager Machine
Allow user name hint Machine
Turn on Smart Card Plug and Play service Machine
Notify user of successful smart card driver installation Machine
Allow ECC certificates to be used for logon and authentication Machine
Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS Machine
Set the map update interval for NIS subordinate servers Machine
Specify communities Machine
Specify permitted managers Machine
Specify traps for public community Machine
Do not allow Sound Recorder to run User
Do not allow Sound Recorder to run Machine
File Classification Infrastructure: Display Classification tab in File Explorer Machine
File Classification Infrastructure: Specify classification properties list Machine
Customize message for Access Denied errors Machine
Enable access-denied assistance on client for all file types Machine
Clear the recent programs list for new users User
Remove Games link from Start Menu User
Remove Search Computer link User
Remove See More Results / Search Everywhere link User
Add Search Internet link to Start Menu User
Do not search for files User
Do not search Internet User
Do not search programs and Control Panel items User
Do not search communications User
Remove user folder link from Start Menu User
Add the Run command to the Start Menu User
Show QuickLaunch on Taskbar User
Clear history of recently opened documents on exit User
Add Logoff to the Start Menu User
Gray unavailable Windows Installer programs Start Menu shortcuts User
Turn off personalized menus User
Lock the Taskbar User
Add "Run in Separate Memory Space" check box to Run dialog box User
Turn off notification area cleanup User
Remove Balloon Tips on Start Menu items User
Remove drag-and-drop and context menus on the Start Menu User
Clear history of tile notifications on exit User
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands User
Remove common program groups from Start Menu User
Remove Favorites menu from Start Menu User
Remove Search link from Start Menu User
Remove frequent programs list from the Start Menu User
Remove Help menu from Start Menu User
Turn off user tracking User
Remove All Programs list from the Start menu User
Remove Network Connections from Start Menu User
Remove pinned programs list from the Start Menu User
Do not keep history of recently opened documents User
Remove Recent Items menu from Start Menu User
Do not use the search-based method when resolving shell shortcuts User
Do not use the tracking-based method when resolving shell shortcuts User
Remove Run menu from Start Menu User
Remove programs on Settings menu User
Prevent changes to Taskbar and Start Menu Settings User
Remove Default Programs link from the Start menu. User
Remove Documents icon from Start Menu User
Remove Music icon from Start Menu User
Remove Network icon from Start Menu User
Remove Pictures icon from Start Menu User
Remove user's folders from the Start Menu User
Force classic Start Menu User
Remove Clock from the system notification area User
Prevent grouping of taskbar items User
Do not display any custom toolbars in the taskbar User
Remove access to the context menus for the taskbar User
Hide the notification area User
Remove user name from Start Menu User
Remove links and access to Windows Update User
Remove the "Undock PC" button from the Start Menu User
Remove Logoff on the Start Menu User
Remove Homegroup link from Start Menu User
Remove Downloads link from Start Menu User
Remove Recorded TV link from Start Menu User
Remove Videos link from Start Menu User
Prevent users from uninstalling applications from Start User
Change Start Menu power button User
Show "Run as different user" command on Start User
Turn on Accounting for WSRM Machine
Set the Email IDs to which notifications are to be sent Machine
Set the Time interval in minutes for logging accounting data Machine
Set the SMTP Server used to send notifications Machine
Turn off Configuration Machine
Turn off System Restore Machine
Turn off AutoComplete integration with Input Panel User
Turn off AutoComplete integration with Input Panel Machine
Prevent Input Panel tab from appearing User
Prevent Input Panel tab from appearing Machine
For tablet pen input, dont show the Input Panel icon User
For tablet pen input, dont show the Input Panel icon Machine
For touch input, dont show the Input Panel icon User
For touch input, dont show the Input Panel icon Machine
Turn off password security in Input Panel User
Turn off password security in Input Panel Machine
Switch to the Simplified Chinese (PRC) gestures User
Switch to the Simplified Chinese (PRC) gestures Machine
Include rarely used Chinese, Kanji, or Hanja characters User
Include rarely used Chinese, Kanji, or Hanja characters Machine
Turn off tolerant and Z-shaped scratch-out gestures User
Turn off tolerant and Z-shaped scratch-out gestures Machine
Disable text prediction User
Disable text prediction Machine
Do not allow Inkball to run User
Do not allow Inkball to run Machine
Do not allow Windows Journal to be run User
Do not allow Windows Journal to be run Machine
Do not allow printing to Journal Note Writer User
Do not allow printing to Journal Note Writer Machine
Do not allow Snipping Tool to run User
Do not allow Snipping Tool to run Machine
Turn off pen feedback User
Turn off pen feedback Machine
Prevent Back-ESC mapping User
Prevent Back-ESC mapping Machine
Prevent launch an application User
Prevent launch an application Machine
Prevent press and hold User
Prevent press and hold Machine
Turn off hardware buttons User
Turn off hardware buttons Machine
Prevent Flicks Learning Mode User
Prevent Flicks Learning Mode Machine
Prevent flicks User
Prevent flicks Machine
Remove the battery meter User
Remove the networking icon User
Remove the volume control icon User
Remove the Action Center icon User
Lock all taskbar settings User
Prevent users from adding or removing toolbars User
Prevent users from rearranging toolbars User
Turn off all balloon notifications User
Prevent users from moving taskbar to another screen dock location User
Prevent users from resizing the taskbar User
Turn off taskbar thumbnails User
Remove pinned programs from the Taskbar User
Turn off automatic promotion of notification icons to the taskbar User
Turn off feature advertisement balloon notifications User
Do not display or track items in Jump Lists from remote locations User
Do not allow pinning programs to the Taskbar User
Do not allow pinning items in Jump Lists User
Do not allow taskbars on more than one display User
Prohibit Browse User
Prohibit Browse Machine
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard User
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard Machine
Prohibit Drag-and-Drop User
Prohibit Drag-and-Drop Machine
Prevent Task Run or End User
Prevent Task Run or End Machine
Hide Property Pages User
Hide Property Pages Machine
Prohibit New Task Creation User
Prohibit New Task Creation Machine
Prohibit Task Deletion User
Prohibit Task Deletion Machine
Set ISATAP State Machine
Set ISATAP Router Name Machine
Set 6to4 State Machine
Set 6to4 Relay Name Machine
Set 6to4 Relay Name Resolution Interval Machine
Set Teredo State Machine
Set Teredo Server Name Machine
Set Teredo Refresh Rate Machine
Set Teredo Client Port Machine
Set Teredo Default Qualified Machine
Set IP-HTTPS State Machine
Set Window Scaling Heuristics State Machine
Set IP Stateless Autoconfiguration Limits State Machine
Allow time zone redirection User
Do not allow Clipboard redirection User
Remove remote desktop wallpaper User
Always show desktop on connection User
Allow remote start of unlisted programs Machine
Allow desktop composition for remote desktop sessions Machine
Use RD Connection Broker load balancing Machine
Redirect only the default client printer Machine
Redirect only the default client printer User
Set time limit for logoff of RemoteApp sessions User
Set time limit for logoff of RemoteApp sessions Machine
Do not allow font smoothing Machine
Select the network adapter to be used for Remote Desktop IP Virtualization Machine
Do not use Remote Desktop Session Host server IP address when virtual IP address is not available Machine
Turn off Fair Share CPU Scheduling Machine
Turn off Windows Installer RDS Compatibility Machine
Turn on Remote Desktop IP Virtualization Machine
Use the hardware default graphics adapter for all Remote Desktop Services sessions Machine
Configure image quality for RemoteFX Adaptive Graphics Machine
Configure RemoteFX Adaptive Graphics Machine
Enable Remote Desktop Protocol 8.0 Machine
Select network detection on the server Machine
Select RDP transport protocols Machine
Turn Off UDP On Client Machine
Do not allow passwords to be saved User
Do not allow passwords to be saved Machine
Set client connection encryption level Machine
Always prompt for password upon connection Machine
Require use of specific security layer for remote (RDP) connections Machine
Require user authentication for remote connections by using Network Level Authentication Machine
Server authentication certificate template Machine
Set RD Gateway authentication method User
Enable connection through RD Gateway User
Set RD Gateway server address User
Automatic reconnection Machine
Limit maximum color depth Machine
Limit number of monitors Machine
Allow users to connect remotely by using Remote Desktop Services Machine
Limit maximum display resolution Machine
Enforce Removal of Remote Desktop Wallpaper Machine
Deny logoff of an administrator logged in to the console session Machine
Configure keep-alive connection interval Machine
Use the specified Remote Desktop license servers Machine
Hide notifications about RD Licensing problems that affect the RD Session Host server Machine
Set the Remote Desktop licensing mode Machine
Limit number of connections Machine
Remove "Disconnect" option from Shut Down dialog Machine
Remove Windows Security item from Start menu Machine
Suspend user sign-in to complete app registration Machine
Set rules for remote control of Remote Desktop Services user sessions User
Set rules for remote control of Remote Desktop Services user sessions Machine
Restrict Remote Desktop Services users to a single Remote Desktop Services session Machine
Start a program on connection User
Start a program on connection Machine
Do not allow local administrators to customize permissions Machine
Always show desktop on connection Machine
Set Remote Desktop Services User Home Directory Machine
Set path for Remote Desktop Services Roaming User Profile Machine
Use mandatory profiles on the RD Session Host server Machine
Limit the size of the entire roaming user profile cache Machine
License server security group Machine
Prevent license upgrade Machine
Allow audio and video playback redirection Machine
Limit audio playback quality Machine
Allow audio recording redirection Machine
Do not allow Clipboard redirection Machine
Do not allow COM port redirection Machine
Do not set default client printer to be default printer in a session Machine
Use Remote Desktop Easy Print printer driver first Machine
Use Remote Desktop Easy Print printer driver first User
Do not allow drive redirection Machine
Do not allow LPT port redirection Machine
Do not allow supported Plug and Play device redirection Machine
Do not allow client printer redirection Machine
Specify RD Session Host server fallback printer driver behavior Machine
Do not allow smart card device redirection Machine
Allow time zone redirection Machine
Require secure RPC communication Machine
Join RD Connection Broker Machine
Configure RD Connection Broker farm name Machine
Use IP Address Redirection Machine
Configure RD Connection Broker server name Machine
End session when time limits are reached User
End session when time limits are reached Machine
Set time limit for disconnected sessions User
Set time limit for disconnected sessions Machine
Set time limit for active but idle Remote Desktop Services sessions User
Set time limit for active but idle Remote Desktop Services sessions Machine
Set time limit for active Remote Desktop Services sessions User
Set time limit for active Remote Desktop Services sessions Machine
Do not delete temp folders upon exit Machine
Do not use temporary folders per session Machine
Allow .rdp files from unknown publishers User
Allow .rdp files from unknown publishers Machine
Allow .rdp files from valid publishers and user's default .rdp settings User
Allow .rdp files from valid publishers and user's default .rdp settings Machine
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers Machine
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers User
Prompt for credentials on the client computer Machine
Configure server authentication for client Machine
Configure image quality for RemoteFX Adaptive Graphics Machine
Configure RemoteFX Adaptive Graphics Machine
Configure compression for RemoteFX data Machine
Optimize visual experience for Remote Desktop Service Sessions Machine
Allow RDP redirection of other supported RemoteFX USB devices from this computer Machine
Configure RemoteFX Machine
Optimize visual experience when using RemoteFX Machine
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 Machine
Specify default connection URL User
Select network detection on the server Machine
Select RDP transport protocols Machine
Turn Off UDP On Client Machine
Turn off the display of thumbnails and only display icons. User
Turn off the display of thumbnails and only display icons on network folders User
Turn off the caching of thumbnails in hidden thumbs.db files User
Turn off Tablet PC touch input User
Turn off Tablet PC touch input Machine
Turn off Touch Panning User
Turn off Touch Panning Machine
Turn on TPM backup to Active Directory Domain Services Machine
Configure the level of TPM owner authorization information available to the operating system Machine
Configure the list of blocked TPM commands Machine
Ignore the default list of blocked TPM commands Machine
Ignore the local list of blocked TPM commands Machine
Standard User Lockout Duration Machine
Standard User Individual Lockout Threshold Machine
Standard User Total Lockout Threshold Machine
Prevent the user from running the Backup Status and Configuration program User
Prevent the user from running the Backup Status and Configuration program Machine
Prevent backing up to local disks User
Prevent backing up to local disks Machine
Prevent backing up to network location User
Prevent backing up to network location Machine
Prevent backing up to optical media (CD/DVD) User
Prevent backing up to optical media (CD/DVD) Machine
Turn off the ability to back up data files User
Turn off the ability to back up data files Machine
Turn off restore functionality User
Turn off restore functionality Machine
Turn off the ability to create a system image User
Turn off the ability to create a system image Machine
Add the Administrators security group to roaming user profiles Machine
Do not check for user ownership of Roaming Profile Folders Machine
Connect home directory to root of the share User
Delete cached copies of roaming profiles Machine
Disable detection of slow network connections Machine
Prompt user when a slow network connection is detected Machine
Exclude directories in roaming profile User
Leave Windows Installer and Group Policy Software Installation Data Machine
Limit profile size User
Only allow local user profiles Machine
Establish timeout value for dialog boxes Machine
Do not log users on with temporary profiles Machine
Maximum retries to unload and update user profile Machine
Prevent Roaming Profile changes from propagating to the server Machine
Wait for remote user profile Machine
Control slow network connection timeout for user profiles Machine
Delete user profiles older than a specified number of days on system restart Machine
Specify network directories to sync at logon/logoff time only User
Do not forcefully unload the users registry at user logoff Machine
Set maximum wait time for the network if a user has a roaming user profile or remote home directory Machine
Set roaming profile path for all users logging onto this computer Machine
Set the schedule for background upload of a roaming user profile's registry file while user is logged on Machine
User management of sharing user name, account picture, and domain information with apps (not desktop apps) Machine
Download roaming profiles on primary computers only Machine
Set user home folder Machine
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) Machine
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) Machine
Choose default folder for recovery password Machine
Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) Machine
Choose drive encryption method and cipher strength Machine
Prevent memory overwrite on restart Machine
Allow enhanced PINs for startup Machine
Configure use of passwords for operating system drives Machine
Reset platform validation data after BitLocker recovery Machine
Disallow standard users from changing the PIN or password Machine
Provide the unique identifiers for your organization Machine
Validate smart card certificate usage rule compliance Machine
Use enhanced Boot Configuration Data validation profile Machine
Choose how BitLocker-protected operating system drives can be recovered Machine
Enforce drive encryption type on operating system drives Machine
Require additional authentication at startup (Windows Server 2008 and Windows Vista) Machine
Require additional authentication at startup Machine
Allow network unlock at startup Machine
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2) Machine
Configure TPM platform validation profile for BIOS-based firmware configurations Machine
Configure TPM platform validation profile for native UEFI firmware configurations Machine
Configure minimum PIN length for startup Machine
Configure use of hardware-based encryption for operating system drives Machine
Enable use of BitLocker authentication requiring preboot keyboard input on slates Machine
Allow Secure Boot for integrity validation Machine
Choose how BitLocker-protected fixed drives can be recovered Machine
Configure use of passwords for fixed data drives Machine
Deny write access to fixed drives not protected by BitLocker Machine
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows Machine
Configure use of smart cards on fixed data drives Machine
Enforce drive encryption type on fixed data drives Machine
Configure use of hardware-based encryption for fixed data drives Machine
Choose how BitLocker-protected removable drives can be recovered Machine
Control use of BitLocker on removable drives Machine
Configure use of passwords for removable data drives Machine
Deny write access to removable drives not protected by BitLocker Machine
Allow access to BitLocker-protected removable data drives from earlier versions of Windows Machine
Configure use of smart cards on removable data drives Machine
Enforce drive encryption type on removable data drives Machine
Configure use of hardware-based encryption for removable data drives Machine
Global Configuration Settings Machine
Configure Windows NTP Client Machine
Enable Windows NTP Client Machine
Enable Windows NTP Server Machine
Prohibit connection to non-domain networks when connected to domain authenticated network Machine
Minimize the number of simultaneous connections to the Internet or a Windows Domain Machine
Prohibit connection to roaming Mobile Broadband networks Machine
Disable power management in connected standby mode Machine
Diagnostics: Configure scenario retention Machine
Diagnostics: Configure scenario execution level Machine
Turn off Windows Calendar User
Turn off Windows Calendar Machine
Prevent the wizard from running. Machine
Prevent the wizard from running. User
Allow only system backup Machine
Disallow locally attached storage as backup target Machine
Disallow network as backup target Machine
Disallow optical media as backup target Machine
Disallow run-once backups Machine
Prohibit installing or uninstalling color profiles User
Prohibit installing or uninstalling color profiles Machine
Prohibit access of the Windows Connect Now wizards User
Prohibit access of the Windows Connect Now wizards Machine
Configuration of wireless settings using Windows Connect Now Machine
Check for New Signatures Before Scheduled Scans Machine
Turn off Windows Defender Machine
Configure Microsoft Active Protection Service Reporting Machine
Turn off Real-Time Monitoring Machine
Turn off Routinely Taking Action Machine
Hide the common dialog back button User
Hide the dropdown list of recent files User
Hide the common dialog places bar User
Items displayed in Places Bar User
Turn on Classic Shell User
Display confirmation dialog when deleting files User
Allow only per user or approved shell extensions User
Do not track Shell shortcuts during roaming User
Maximum number of recent documents User
Turn off caching of thumbnail pictures User
Remove CD Burning features User
Remove UI to change menu animation setting User
Remove UI to change keyboard navigation indicator setting User
Remove DFS tab User
Hide these specified drives in My Computer User
No Entire Network in Network Locations User
Remove File menu from File Explorer User
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon User
Remove Hardware tab User
Hides the Manage item on the File Explorer context menu User
Remove Shared Documents from My Computer User
Remove "Map Network Drive" and "Disconnect Network Drive" User
Do not move deleted files to the Recycle Bin User
Do not request alternate credentials User
Remove Security tab User
Remove Search button from File Explorer User
Remove File Explorer's default context menu User
Prevent access to drives from My Computer User
Turn off Windows+X hotkeys User
No Computers Near Me in Network Locations User
Request credentials for network installations User
Maximum allowed Recycle Bin size User
Turn off shell protocol protected mode User
Turn off shell protocol protected mode Machine
Remove the Search the Internet "Search again" link User
Pin Internet search sites to the "Search again" links and the Start menu User
Pin Libraries or Search Connectors to the "Search again" links and the Start menu User
Verify old and new Folder Redirection targets point to the same share before redirecting Machine
Disable Known Folders User
Turn off the display of snippets in Content view mode User
Turn off Windows Libraries features that rely on indexed file data User
Turn off display of recent search entries in the File Explorer search box User
Disable binding directly to IPropertySetStorage without intermediate layers. Machine
Disable binding directly to IPropertySetStorage without intermediate layers. User
Turn off numerical sorting in File Explorer Machine
Turn off numerical sorting in File Explorer User
Allow OpenSearch queries in File Explorer Machine
Allow OpenSearch queries in File Explorer User
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Machine
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer User
Location where all default Library definition files for users/machines reside. Machine
Location where all default Library definition files for users/machines reside. User
Configure Windows SmartScreen Machine
Show lock in the user tile menu Machine
Show sleep in the power options menu Machine
Show hibernate in the power options menu Machine
Do not show the 'new application installed' notification Machine
Start File Explorer with ribbon minimized Machine
Start File Explorer with ribbon minimized User
Set a default associations configuration file Machine
Allow the use of remote paths in file shortcut icons Machine
Specify Windows File Protection cache location Machine
Limit Windows File Protection cache size Machine
Set Windows File Protection scanning Machine
Hide the file scan progress window Machine
Windows Firewall: Allow authenticated IPsec bypass Machine
Windows Firewall: Define inbound program exceptions Machine
Windows Firewall: Allow local program exceptions Machine
Windows Firewall: Protect all network connections Machine
Windows Firewall: Do not allow exceptions Machine
Windows Firewall: Allow inbound file and printer sharing exception Machine
Windows Firewall: Allow ICMP exceptions Machine
Windows Firewall: Allow logging Machine
Windows Firewall: Prohibit notifications Machine
Windows Firewall: Define inbound port exceptions Machine
Windows Firewall: Allow local port exceptions Machine
Windows Firewall: Allow inbound remote administration exception Machine
Windows Firewall: Allow inbound Remote Desktop exceptions Machine
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Machine
Windows Firewall: Allow inbound UPnP framework exceptions Machine
Windows Firewall: Define inbound program exceptions Machine
Windows Firewall: Allow local program exceptions Machine
Windows Firewall: Protect all network connections Machine
Windows Firewall: Do not allow exceptions Machine
Windows Firewall: Allow inbound file and printer sharing exception Machine
Windows Firewall: Allow ICMP exceptions Machine
Windows Firewall: Allow logging Machine
Windows Firewall: Prohibit notifications Machine
Windows Firewall: Define inbound port exceptions Machine
Windows Firewall: Allow local port exceptions Machine
Windows Firewall: Allow inbound remote administration exception Machine
Windows Firewall: Allow inbound Remote Desktop exceptions Machine
Windows Firewall: Prohibit unicast response to multicast or broadcast requests Machine
Windows Firewall: Allow inbound UPnP framework exceptions Machine
Turn off Windows Mail application User
Turn off Windows Mail application Machine
Turn off the communities features User
Turn off the communities features Machine
Prevent Windows Media DRM Internet Access Machine
Prevent Automatic Updates Machine
Do Not Show First Use Dialog Boxes Machine
Prevent Video Smoothing Machine
Prevent CD and DVD Media Information Retrieval User
Prevent Media Sharing Machine
Prevent Music File Media Information Retrieval User
Prevent Quick Launch Toolbar Shortcut Creation Machine
Prevent Radio Station Preset Retrieval User
Prevent Desktop Shortcut Creation Machine
Allow Screen Saver User
Prevent Codec Download User
Do Not Show Anchor User
Hide Privacy Tab User
Hide Security Tab User
Set and Lock Skin User
Configure HTTP Proxy User
Configure MMS Proxy User
Configure RTSP Proxy User
Hide Network Tab User
Configure Network Buffering User
Streaming Media Protocols User
Do not automatically start Windows Messenger initially Machine
Do not automatically start Windows Messenger initially User
Do not allow Windows Messenger to be run Machine
Do not allow Windows Messenger to be run User
Allow Basic authentication Machine
Allow unencrypted traffic Machine
Disallow Digest authentication Machine
Disallow Negotiate authentication Machine
Disallow Kerberos authentication Machine
Allow CredSSP authentication Machine
Trusted Hosts Machine
Allow remote server management through WinRM Machine
Turn On Compatibility HTTP Listener Machine
Turn On Compatibility HTTPS Listener Machine
Allow Basic authentication Machine
Allow unencrypted traffic Machine
Disallow WinRM from storing RunAs credentials Machine
Disallow Negotiate authentication Machine
Disallow Kerberos authentication Machine
Allow CredSSP authentication Machine
Specify channel binding token hardening level Machine
Allow Remote Shell Access Machine
Specify idle Timeout Machine
MaxConcurrentUsers Machine
Specify maximum amount of memory in MB per Shell Machine
Specify maximum number of processes per Shell Machine
Specify Shell Timeout Machine
Specify maximum number of remote shells per user Machine
Windows Automatic Updates User
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Machine
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box User
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box User
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Machine
Remove access to use all Windows Update features User
Configure Automatic Updates Machine
Specify intranet Microsoft update service location Machine
Automatic Updates detection frequency Machine
Allow non-administrators to receive update notifications Machine
Allow Automatic Updates immediate installation Machine
Turn on recommended updates via Automatic Updates Machine
Turn on Software Notifications Machine
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates Machine
No auto-restart with logged on users for scheduled automatic updates installations Machine
Re-prompt for restart with scheduled installations Machine
Delay Restart for scheduled installations Machine
Reschedule Automatic Updates scheduled installations Machine
Enable client-side targeting Machine
Allow signed updates from an intranet Microsoft update service location Machine
Turn off legacy remote shutdown interface Machine
Timeout for hung logon sessions during shutdown Machine
Require use of fast startup Machine
Display information about previous logons during user logon Machine
Remove logon hours expiration warnings User
Set action to take when logon hours expire User
Disable or enable software Secure Attention Sequence Machine
Report when logon server was not available during user logon Machine
Report when logon server was not available during user logon User
Custom User Interface User
Turn off automatic termination of applications that block or cancel shutdown Machine
Turn off the Store application User
Turn off the Store application Machine
Allow Store to install apps on Windows To Go workspaces Machine
Turn off Automatic Download of updates Machine
Set Cost Machine
Custom Instant Search Internet search provider User
Turn off tile notifications User
Turn off toast notifications User
Turn off toast notifications on the lock screen User
Turn off notifications network usage User
Set 3G Cost Machine
Set 4G Cost Machine
Policy Path
Windows Components\ActiveX Installer Service
Windows Components\ActiveX Installer Service
Control Panel\Add or Remove Programs
Windows Components\Active Directory Federation Services
Windows Components\Application Compatibility
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App runtime
Windows Components\Attachment Manager
Windows Components\AutoPlay Policies
Windows Components\Biometrics
Network\Background Intelligent Transfer Service (BITS)
Windows Components\Windows Customer Experience Improvement Program
Windows Components\Windows Customer Experience Improvement Program
Network\SSL Configuration Settings
System
System
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting
Windows Components\NetMeeting\Options Page
Control Panel
Control Panel
Control Panel
Control Panel
Control Panel\Display
Control Panel\Display
Control Panel\Personalization
Control Panel\User Accounts
System\Logon
System\Logon
System\Logon
System\Logon
System\Credentials Delegation
Windows Components\Credential User Interface
System\Ctrl+Alt+Del Options
System\Distributed COM\Application Compatibility Settings
System\Distributed COM\Application Compatibility Settings
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Active Directory
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Windows Components\Device and Driver Compatibility
Windows Components\Device and Driver Compatibility
System\Device Installation
System\Device Installation\Device Installation Restrictions
System\Driver Installation
System\Device Redirection\Device Redirection Restrictions
System\Device Redirection\Device Redirection Restrictions
Network
Windows Components\Digital Locker
Windows Components\Digital Locker
System\Troubleshooting and Diagnostics\Disk Diagnostic
System\Troubleshooting and Diagnostics\Disk Diagnostic
System\Disk NV Cache
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager\Window Frame Coloring
Windows Components\IME
System\Early Launch Antimalware
Windows Components\Edge UI
Windows Components\Edge UI
System
System\Enhanced Storage Access
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Consent
Windows Components\Event Forwarding
Windows Components\Event Forwarding
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\System
Windows Components\Event Viewer
Windows Components\File Explorer
Windows Components\Portable Operating System
Windows Components\File History
System\Troubleshooting and Diagnostics\Corrupted File Recovery
System\File Share Shadow Copy Agent
System\File Share Shadow Copy Provider
System\Filesystem
System\Filesystem\NTFS
System\Filesystem
System\Folder Redirection
Windows Components\File Explorer\Explorer Frame Pane
Windows Components\File Explorer\Explorer Frame Pane
System\Troubleshooting and Diagnostics\Fault Tolerant Heap
Windows Components\Game Explorer
System\Locale Services
Control Panel\Regional and Language Options
System
Control Panel\Regional and Language Options\Handwriting personalization
Control Panel\Regional and Language Options\Handwriting personalization
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions
System
System
System
System
Windows Components\Online Assistance
System\Internet Communication Management\Internet Communication settings
Network\Hotspot Authentication
System\Windows HotStart
System\Windows HotStart
System\Internet Communication Management
System\Internet Communication Management
Windows Components\Internet Information Services
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Content Page
Windows Components\Internet Explorer\Internet Control Panel\Content Page
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Corporate Settings\Code Download
Windows Components\Internet Explorer\Internet Settings\Display settings
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Settings\URL Encoding
Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors
Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing
Windows Components\RSS Feeds
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools
Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page
Windows Components\Internet Explorer\Internet Control Panel\General Page
Windows Components\Internet Explorer\Internet Settings
System\iSCSI\iSCSI Target Discovery
System\iSCSI\General iSCSI
System\iSCSI\General iSCSI
System\iSCSI\iSCSI Security
System\KDC
System\KDC
System\KDC
System\KDC
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
Network\Lanman Server
Network\Lanman Server
System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis
Network\Link-Layer Topology Discovery
Network\Link-Layer Topology Discovery
Windows Components\Location and Sensors\Windows Location Provider
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System
System
System
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
Windows Components\Windows Media Center
Windows Components\Windows Media Center
Windows Components\Microsoft Management Console
Windows Components\Microsoft Management Console
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions
Windows Components\Windows Mobility Center
Windows Components\Windows Mobility Center
Windows Components\Presentation Settings
Windows Components\Presentation Settings
Windows Components\Maintenance Scheduler
System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool
System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery
Windows Components\Windows Installer
Windows Components\Network Access Protection
Network\DirectAccess Client Experience Settings
Network\Network Connectivity Status Indicator
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon\DC Locator DNS Records
System\Net Logon
System\Net Logon
Network\Network Connections
Network\Network Isolation
Windows Components\Network Projector
Network\Offline Files
Network\Microsoft Peer-to-Peer Networking Services
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services
Windows Components\Family Safety
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Windows Components\Tablet PC\Tablet PC Pen Training
Windows Components\Tablet PC\Tablet PC Pen Training
System\Performance Control Panel
System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Performance PerfTrack
System\Power Management\Notification Settings
System\Power Management\Button Settings
System\Power Management\Hard Disk Settings
System\Power Management\Hard Disk Settings
System\Power Management
System\Power Management\Sleep Settings
System\Power Management\Video and Display Settings
System
Windows Components\Windows PowerShell
Windows Components \Windows PowerShell
Windows Components\File Explorer\Previous Versions
Printers
Printers
Printers
Printers
Control Panel\Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Control Panel\Programs
Windows Components\Password Synchronization
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler
Network\QoS Packet Scheduler\Layer-2 priority value
Windows Components\Windows Reliability Analysis
System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution
System\Recovery
System
System
System
System\Remote Assistance
System\Removable Storage Access
System\Remote Procedure Call
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Troubleshooting and Diagnostics\Scripted Diagnostics
System\Troubleshooting and Diagnostics\Scheduled Maintenance
Windows Components\Search
Windows Components\Search\OCR
Windows Components\Search\OCR
Windows Components\Security Center
Windows Components\Location and Sensors
System\Server Manager
System
System
Windows Components\Sync your settings
System
System
Shared Folders
Shared Folders
Windows Components\Network Sharing
Windows Components\HomeGroup
System
System
System
System
Windows Components\Desktop Gadgets
Windows Components\Windows SideShow
Windows Components\Smart Card
Windows Components\Server for NIS
Windows Components\Server for NIS
Network\SNMP
Network\SNMP
Network\SNMP
Windows Components\Sound Recorder
Windows Components\Sound Recorder
System\File Classification Infrastructure
System\File Classification Infrastructure
System\Access-Denied Assistance
System\Access-Denied Assistance
Start Menu and Taskbar
Windows Components\Windows System Resource Manager
System\System Restore
System\System Restore
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Cursors
Windows Components\Tablet PC\Cursors
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Pen Flicks Learning
Windows Components\Tablet PC\Pen Flicks Learning
Windows Components\Tablet PC\Pen UX Behaviors
Windows Components\Tablet PC\Pen UX Behaviors
Windows Components\Task Scheduler
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\Parameters
Network\TCPIP Settings\Parameters
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\RD Gateway
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles
Windows Components\Remote Desktop Services\RD Licensing
Windows Components\Remote Desktop Services\RD Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2
Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection
Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections
Windows Components\Tablet PC\Touch Input
System\Trusted Platform Module Services
Windows Components\Backup\Client
System\User Profiles
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
System\Windows Time Service
System\Windows Time Service\Time Providers
Network\Windows Connection Manager
System\Troubleshooting and Diagnostics
System\Troubleshooting and Diagnostics
Windows Components\Windows Calendar
Windows Components\Windows Calendar
Windows Components\Add features to Windows 8
Windows Components\Add features to Windows 8
Windows Components\Backup\Server
Windows Components\Windows Color System
Windows Components\Windows Color System
Network\Windows Connect Now
Windows Components\Windows Defender
Windows Components\File Explorer\Common Open File Dialog
System\Windows File Protection
Network\Network Connections\Windows Firewall
Network\Network Connections\Windows Firewall\Domain Profile
Network\Network Connections\Windows Firewall\Standard Profile
Windows Components\Windows Mail
Windows Components\Windows Media Digital Rights Management
Windows Components\Windows Media Player
Windows Components\Windows Media Player\Playback
Windows Components\Windows Media Player\Playback
Windows Components\Windows Media Player\User Interface
Windows Components\Windows Media Player\Networking
Windows Components\Windows Messenger
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Shell
System
Windows Components\Windows Update
Windows Components\Shutdown Options
Windows Components\Shutdown Options
System\Shutdown
Windows Components\Windows Logon Options
System
System\Shutdown Options
Windows Components\Store
Network\WLAN Service\WLAN Media Cost
Windows Components\Instant Search
Start Menu and Taskbar\Notifications
Network\WWAN Service\WWAN Media Cost
Network\WWAN Service\WWAN Media Cost
Registry Information
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\ApprovedActiveXInstallSites
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallSignedOCX, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallUnSignedOCX, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!IgnoreUnknownCA, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!IgnoreInvalidCN, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!IgnoreInvalidCertDate, HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!IgnoreWrongCertUsage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!DefaultCategory
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromCDorFloppy
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromInternet
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromNetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddRemovePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoChooseProgramsPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoRemovePage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoSupportInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoWindowsSetupPage
HKLM\Software\Policies\Microsoft\Windows\ADFS!DisallowFederationService
HKLM\Software\Policies\Microsoft\Windows\AppCompat!VDMDisallowed
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePropPage
HKLM\Software\Policies\Microsoft\Windows\AppCompat!AITEnable
HKLM\Software\Policies\Microsoft\Windows\AppCompat!SbEnable
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableEngine
HKCU\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableUAR
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableInventory
HKLM\Software\Policies\Microsoft\Windows\Appx!AllowAllTrustedApps
HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDeploymentInSpecialProfiles
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume
HKLM\SOFTWARE\Policies\Microsoft\Biometrics!Enabled
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Enabled
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Domain Accounts
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!SwitchTimeoutInSeconds
HKLM\Software\Policies\Microsoft\Windows\BITS!JobInactivityTimeout
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxDownloadTime
HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOnSchedule, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidFrom, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidTo, HKLM\Software\Policies\Microsoft\Windows\BITS!UseSystemMaximum, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOffSchedule
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!IgnoreBandwidthLimitsOnLan, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!StartDay, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!EndDay, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!StartHour, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!EndHour, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!HighBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!HighBandwidthType, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!NormalBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!NormalBandwidthType, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!LowBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\WorkSchedule!LowBandwidthType, H
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!StartDay, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!EndDay, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!StartHour, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!EndHour, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!HighBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!HighBandwidthType, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!NormalBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!NormalBandwidthType, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!LowBandwidthLimit, HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling\MaintenanceSchedule!LowBandwidthType
HKLM\Software\Policies\Microsoft\Windows\BITS!EnablePeercaching
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxContentAge
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxCacheSize
HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingClient
HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingServer
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthServed
HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicyCustom, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!HighTransferPolicy, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!HighTransferPolicyCustom, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!NormalTransferPolicy, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!NormalTransferPolicyCustom, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!LowTransferPolicy, HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!LowTransferPolicyCustom
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerMachine
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerUser
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxFilesPerJob
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxRangesPerFile
HKLM\Software\Policies\Microsoft\Windows\BITS!DisableBranchCache
HKLM\Software\Policies\Microsoft\SQMClient!CorporateSQMURL
HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId, HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!Functions
HKCU\Software\Policies\Microsoft\Windows\App Management!COMClassStore
HKLM\Software\Policies\Microsoft\Windows\App Management!COMClassStore
HKCU\Software\Policies\Microsoft\Conferencing!NoAppSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoAllowControl
HKCU\Software\Policies\Microsoft\Conferencing!NoSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDosWindows
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDesktop
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingExplorer
HKCU\Software\Policies\Microsoft\Conferencing!NoTrueColorSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoAudio
HKCU\Software\Policies\Microsoft\Conferencing!NoChangeDirectSound
HKCU\Software\Policies\Microsoft\Conferencing!NoFullDuplex
HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingVideo
HKCU\Software\Policies\Microsoft\Conferencing!NoSendingVideo
HKCU\Software\Policies\Microsoft\Conferencing!MaximumBandwidth
HKCU\Software\Policies\Microsoft\Conferencing!PersistAutoAcceptCalls
HKCU\Software\Policies\Microsoft\Conferencing!NoChat
HKCU\Software\Policies\Microsoft\Conferencing!NoNewWhiteBoard
HKCU\Software\Policies\Microsoft\Conferencing!NoOldWhiteBoard
HKLM\Software\Policies\Microsoft\Conferencing!NoRDS
HKCU\Software\Policies\Microsoft\Conferencing!Use AutoConfig, HKCU\Software\Policies\Microsoft\Conferencing!ConfigFile
HKCU\Software\Policies\Microsoft\Conferencing!NoAddingDirectoryServers
HKCU\Software\Policies\Microsoft\Conferencing!NoAutoAcceptCalls
HKCU\Software\Policies\Microsoft\Conferencing!NoChangingCallMode
HKCU\Software\Policies\Microsoft\Conferencing!NoDirectoryServices
HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingFiles
HKCU\Software\Policies\Microsoft\Conferencing!NoSendingFiles
HKCU\Software\Policies\Microsoft\Conferencing!NoWebDirectory
HKCU\Software\Policies\Microsoft\Conferencing!MaxFileSendSize
HKCU\Software\Policies\Microsoft\Conferencing!IntranetSupportURL
HKCU\Software\Policies\Microsoft\Conferencing!CallSecurity
HKCU\Software\Policies\Microsoft\Conferencing!NoAdvancedCalling
HKCU\Software\Policies\Microsoft\Conferencing!NoAudioPage
HKCU\Software\Policies\Microsoft\Conferencing!NoGeneralPage
HKCU\Software\Policies\Microsoft\Conferencing!NoSecurityPage
HKCU\Software\Policies\Microsoft\Conferencing!NoVideoPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceClassicControlPanel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoControlPanel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispCPL
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispSettingsPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispAppearancePage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispScrSavPage
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveActive
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!SCRNSAVE.EXE
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveTimeOut
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoChangingWallPaper
HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingSoundScheme
HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingMousePointers
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispBackgroundPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoColorChoice
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThemesTab
HKCU\Software\Policies\Microsoft\Windows\Personalization!ThemeFile
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoVisualStyleChoice
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!SetVisualStyle
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoSizeChoice
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreen
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingLockScreen
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingStartMenuBackground
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!UseDefaultTile
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DefaultLogonDomain
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ExcludedCredentialProviders
HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainPINLogon
HKLM\Software\Policies\Microsoft\Windows\System!BlockDomainPicturePassword
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowDefault
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowDefNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowFresh
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowFreshNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowSaved
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_AllowSavedNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\DenyDefaultCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_DenyDefault
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\DenyFreshCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_DenyFresh
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation\DenySavedCredentials, HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!ConcatenateDefaults_DenySaved
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnumerateAdministrators
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnableSecureCredentialPrompting
HKLM\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal
HKCU\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableChangePassword
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableLockWorkstation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoLogoff
HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList
HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList, HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat\ActivationSecurityCheckExemptionList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceActiveDesktopOn
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktopChanges
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Delete
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoAddingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoClosingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoDeletingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoEditingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoHTMLWallPaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!WallpaperStyle
HKCU\Software\Policies\Microsoft\Windows\Directory UI!EnableFilter
HKCU\Software\Policies\Microsoft\Windows\Directory UI!HideDirectoryFolder
HKCU\Software\Policies\Microsoft\Windows\Directory UI!QueryLimit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisablePersonalDirChange
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktopCleanupWizard
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetIcon
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetHood
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyComputer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyDocuments
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsNetHood
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{645FF040-5081-101B-9F08-00AA002F954E}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesRecycleBin
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSaveSettings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCloseDragDropBands
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMovingBands
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoWindowMinimizingShortcuts
HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDeviceFlags
HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDriverShims
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllSigningEqual
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!InstallTimeout
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSystemRestore
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowAdminInstall
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceClasses
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClassesRetroactive
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDsRetroactive
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyRemovableDevices
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyUnspecified
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot, HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!RebootTime
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!SimpleText
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!DetailText
HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses, HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions\AllowUserDeviceClasses
HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing!BehaviorOnFailedVerify
HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!AllowRedirect
HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs, HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions\DenyDeviceIDs
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableBalloonTips
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendGenericDriverNotFoundToWER
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendRequestAdditionalSoftwareToWER
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies, HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchCD, HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverServerSelection
HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork
HKLM\Software\Policies\Microsoft\System\DFSClient!DfsDcNameDelay
HKCU\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker
HKLM\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!DfdAlertTextOverride
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!EnabledScenarioExecutionLevel
HKLM\Software\Policies\Microsoft\Windows\NvCache!OptimizeBootAndResume
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnablePowerModeState
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableNvCache
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableSolidStateMode
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enable
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enforce
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Limit, HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LimitUnits, HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Threshold, HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!ThresholdUnits
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverLimit
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverThreshold
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!ApplyToRemovableMedia
HKLM\Software\Policies\Microsoft\Windows\System!DLT_AllowDomainMode
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AdapterDomainName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!NameServer
HKLM\Software\Policies\Microsoft\System\DNSClient!NV PrimaryDnsSuffix
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterAdapterName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterReverseLookup
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationEnabled
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationOverwritesInConflict
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationRefreshInterval
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationTtl
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!SearchList
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateSecurityLevel
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateTopLevelDomainZones
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableDevolutionLevelControl, HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DomainNameDevolutionLevel
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableMulticast
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AppendToMultiLabelName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartNameResolution
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartProtocolReordering
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!QueryNetBTFQDN
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!PreferLocalOverLowerBindingDNS
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableIdnEncoding
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableIdnMapping
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisableAccentGradient
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState, HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorAlpha, HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorRed, HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorGreen, HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorBlue
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState, HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorAlpha, HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorRed, HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorGreen, HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorBlue
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges
HKCU\software\policies\microsoft\ime\shared!misconvlogging
HKCU\software\policies\microsoft\ime\imejp!SaveAutoTuneDataToFile
HKCU\software\policies\microsoft\ime\imejp!UseHistorybasedPredictiveInput
HKCU\software\policies\microsoft\ime\shared!OpenExtendedDict
HKCU\software\policies\microsoft\ime\shared!SearchPlugin
HKCU\software\policies\microsoft\ime\shared!UserDict
HKCU\software\policies\microsoft\ime\imejp!CodeAreaForConversion
HKCU\software\policies\microsoft\ime\imejp!ShowOnlyPublishingStandardGlyph
HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy, HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!TurnOffBackstack
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableMFUTracking
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoEncryptOnMove
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!RootHubConnectedEnStorDevices
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!AllowCertSiloProvisioning
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!LockDeviceOnMachineLock
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisallowLegacyDiskDevices
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisablePasswordAuthentication
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!TCGSecurityActivationDisabled
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy, HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos\List
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled, HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices\List
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoFileCollection, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoSecondLevelCollection, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ForceQueueMode, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWFileTreeRoot, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWReporteeName
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWAllowHeadless
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontShowUI
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeMicrosoftApps, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeWindowsApps
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeKernelFaults
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive, HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!ConfigureArchive, HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!MaxArchiveCount
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!ConfigureArchive, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!MaxArchiveCount
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerUseSSL, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerPortNumber
HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue, HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!ForceQueue, HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!MaxQueueCount, HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!QueuePesterInterval
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!ForceQueue, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!MaxQueueCount, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!QueuePesterInterval
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent
HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager
HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding!MaxForwardingRate
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!ChannelAccess
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!ChannelAccess
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!ChannelAccess
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Enabled
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!ChannelAccess
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AlwaysShowClassicMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreventItemCreationInUsersFilesFolder
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TurnOffSPIAnimations
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoHeapTerminationOnCorruption
HKLM\Software\Policies\Microsoft\Windows\Explorer!AdminInfoUrl
HKLM\Software\Policies\Microsoft\PortableOperatingSystem!Launcher
HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Hibernate
HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Sleep
HKLM\Software\Policies\Microsoft\Windows\FileHistory!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!EnabledScenarioExecutionLevel
HKLM\Software\Policies\Microsoft\Windows\fssAgent!MaximumShadowCopyAgeInHours
HKLM\Software\Policies\Microsoft\Windows\fssProv!EncryptProtocol
HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState, HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymlinkLocalToLocalEvaluation, HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymlinkLocalToRemoteEvaluation, HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymlinkRemoteToRemoteEvaluation, HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymlinkRemoteToLocalEvaluation
HKLM\System\CurrentControlSet\Policies!NtfsDisableCompression
HKLM\System\CurrentControlSet\Policies!NtfsDisableEncryption
HKLM\System\CurrentControlSet\Policies!NtfsEncryptPagingFile
HKLM\System\CurrentControlSet\Policies!NtfsDisable8dot3NameCreation
HKLM\System\CurrentControlSet\Policies!DisableDeleteNotification
HKLM\System\CurrentControlSet\Policies!NtfsEnableTxfDeprecatedFunctionality
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths
HKCU\Software\Policies\Microsoft\Windows\NetCache!DisableFRAdminPin
HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{33E28130-4E1E-4676-835A-98395C3BC3BB}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{4BD8D571-6D19-48D3-BE97-422220080E43}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{1777F761-68AD-4D8A-87BD-30B759FA33DD}!DisableFRAdminPinByFolder, HKCU\Software\Policies\Microsoft\Windows\NetCache\{56784854-C6CB-462b-8169-88E350ACB882}!Disabl
HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!FolderRedirectionEnableCacheRename
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR
HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPreviewPane
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoReadingPane
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!EnabledScenarioExecutionLevel
HKLM\Software\Policies\Microsoft\Windows\GameUX!DownloadGameInfo
HKLM\Software\Policies\Microsoft\Windows\GameUX!ListRecentlyPlayed
HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions
HKCU\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect
HKLM\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales, HKLM\Software\Policies\Microsoft\Control Panel\International!AllowableSystemLocaleTagList
HKLM\Software\Policies\Microsoft\Control Panel\International!BlockUserInputMethodsForSignIn
HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales, HKCU\Software\Policies\Microsoft\Control Panel\International!AllowableUserLocaleTagList
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales, HKLM\Software\Policies\Microsoft\Control Panel\International!AllowableUserLocaleTagList
HKCU\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange
HKLM\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange
HKCU\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides
HKLM\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides
HKCU\Software\Policies\Microsoft\Control Panel\International!HideAdminOptions
HKCU\Software\Policies\Microsoft\Control Panel\International!HideCurrentLocation
HKCU\Software\Policies\Microsoft\Control Panel\International!HideLanguageSelection
HKCU\Software\Policies\Microsoft\Control Panel\International!HideLocaleSelectAndCustomize
HKLM\Software\Policies\Microsoft\MUI\Settings!PreferredUILanguages
HKCU\Software\Policies\Microsoft\Control Panel\Desktop!PreferredUILanguages
HKLM\Software\Policies\Microsoft\MUI\Settings!MachineUILock
HKCU\Software\Policies\Microsoft\Control Panel\Desktop!MultiUILanguageID
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffOfferTextPredictions
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffInsertSpace
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffAutocorrectMisspelledWords
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffHighlightMisspelledWords
HKLM\Software\Policies\Microsoft\Control Panel\International!BlockCleanupOfUnusedPreinstalledLangPacks
HKCU\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax!1
HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection, HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitInkCollection
HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection, HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitInkCollection
HKLM\Software\Policies\Microsoft\Windows\System!ProcessTSUserLogonAsync
HKLM\Software\Policies\Microsoft\Windows\System!ResetDfsClientInfoDuringRefreshPolicy
HKLM\Software\Policies\Microsoft\Windows\System!DisableAOACProcessing
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDefaultForDirectAccess
HKLM\Software\Policies\Microsoft\Windows\System!SlowlinkDefaultToAsync
HKLM\Software\Policies\Microsoft\Windows\System!DisableLGPOProcessing
HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue
HKLM\Software\Policies\Microsoft\Windows\System!AllowX-ForestPolicy-and-RUP
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoGPOListChanges
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoGPOListChanges
HKCU\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser
HKLM\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DisableAutoADMUpdate
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableBkGndGroupPolicy
HKLM\Software\Policies\Microsoft\Windows\System!DenyUsersFromMachGP
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!ShowPoliciesOnly
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DCOption
HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate, HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDefaultFor3G
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime, HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeOffset
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC, HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeOffsetDC
HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime, HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeOffset
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!GPODisplayName
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!NewGPOLinksDisabled
HKLM\Software\Policies\Microsoft\Windows\Group Policy!OnlyUseLocalAdminFiles
HKLM\Software\Policies\Microsoft\Windows\System!RSoPLogging
HKLM\Software\Policies\Microsoft\Windows\System!UserPolicyMode
HKLM\Software\Policies\Microsoft\Windows\System!CorpConnStartTimeoutPolicyValue
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!TraceFilePathMachine, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!TraceFileMaxSize
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoGPOListChanges, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!BackgroundPriorityLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!TraceLevel, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!TraceFilePathUser, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!TraceFilePathPlanning, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!TraceFileMaxSize
HKCU\Software\Policies\Microsoft\MMC\{6A712058-33C6-4046-BCF9-0EA3A8808EDC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0DA274B5-EB93-47A7-AAFB-65BA532D3FE6}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{17C6249E-BA57-4F69-AE93-4FB3D25CD9D7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1612b55c-243c-48dd-a449-ffc097b19776}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1b767e9a-7be4-4d35-85c1-2e174a7ba951}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{35141B6B-498A-4cc7-AD59-CEF93D89B2CE}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{516FC620-5D34-4B08-8165-6A06B623EDEB}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5C935941-A954-4F7C-B507-885941ECE5C4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{79F92669-4224-476c-9C5C-6EFB4D87DF4A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{949FB894-E883-42C6-88C1-29169720E8CA}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BFCBBEB0-9DF4-4c0c-A728-434EA66A0373}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A8C42CEA-CDB8-4388-97F4-5831F933DA84}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B9CCA4DE-E2B9-4CBD-BF7D-11B6EBFBDDF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CC5746A9-9B74-4be5-AE2E-64379C86E0E4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CF848D48-888D-4F45-B530-6A201E62A605}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{127537A8-C1ED-40BC-9AE5-C5891DF6B2D4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{45B01F1C-5AC2-458c-9457-42A81B34A26D}!Restrict_Run
HKLM\Software\Policies\Microsoft\Windows\System!HelpQualifiedRootDir
HKCU\Software\Policies\Microsoft\Windows\System!DisableInHelp
HKLM\Software\Policies\Microsoft\Windows\System!DisableInHelp
HKLM\Software\Policies\Microsoft\Windows\System!DisableHHDEP
HKLM\Software\Policies\Microsoft\Assistance\Client\1.0!NoActiveHelp
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoExplicitFeedback
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoImplicitFeedback
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoOnlineAssist
HKLM\Software\Policies\Microsoft\Windows\HotspotAuthentication!Enabled
HKCU\Software\policies\Microsoft\System\HotStart!NoHotStart
HKLM\Software\policies\Microsoft\System\HotStart!NoHotStart
HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload, HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports, HKCU\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing, HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoOnlineAssist, HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoExplicitFeedback, HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoImplicitFeedback, HKCU\S
HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport, HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting!Disabled, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW, HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks, HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate, HKLM\Software\Policies\Microsoft\Windows\R
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch
HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW
HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport, HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting!Disabled
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess
HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP
HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP
HKLM\Software\Policies\Microsoft\SQMClient\Windows!CEIPEnable
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!NoActiveProbe
HKLM\Software\Policies\Microsoft\Windows NT\IIS!PreventIISInstall
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-00C04FD9152D}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{52ADE293-85E8-11D2-BB22-00104B0EA281}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{7823A620-9DD9-11CF-A662-00AA00C066D2}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{F5131C24-E56D-11CF-B78A-444553540000}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-00C04FD64497}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-00A0C90DD90C}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-00AA004A5FC5}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-0080C744F389}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-00C04F9A8CFA}
HKLM\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType
HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup
HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED
HKLM\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures
HKCU\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck
HKLM\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Append Completion
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Use AutoComplete
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Disable Script Debugger
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Friendly http errors
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Page_Transitions
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Error Dlg Displayed On Every Error
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!SmoothScroll
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Anchor Underline
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionCount, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MinUpdateInterval, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UpdateExcludeBegin, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UpdateExcludeEnd, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxWebcrawlLevels
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingChannels
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelLogging
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelUI
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingChannels
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoScheduledUpdates
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSubscriptionContent
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CodeBaseSearchPath
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize, HKCU\Software\Policies\Microsoft\Internet Explorer\Zoom!ResetTextSizeOnStartup, HKCU\Software\Policies\Microsoft\Internet Explorer\International\Scripts!IEFontSize
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!UrlEncoding
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Background Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Text Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use_DlgBox_Colors
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion!IEAKUpdateUrl
HKCU\Software\Policies\Microsoft\Internet Connection Wizard!DisableICW
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3, HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3, HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover
HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover
HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession
HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
HKLM\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableAutoProxyResultCache
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExternalBranding
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Advanced
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DialupAutodetect
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV9
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV9
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverride
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverride
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverrideAppRepUnknown
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverrideAppRepUnknown
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableSecuritySettingsCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableSecuritySettingsCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser!ITBar7Position
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisplayScriptDownloadFailureUI
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus, HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!NoNavBar, HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!NoCommandBar
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus, HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!NoNavBar, HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!NoCommandBar
HKLM\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites
HKCU\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites
HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation
HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation
HKLM\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE
HKCU\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE
HKLM\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled
HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked Down
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar, HKCU\Software\Microsoft\Internet Explorer\media!Autoplay
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTrackingProtection
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Groups
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSplash
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoUpdateCheck
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse
HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments
HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow, HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow
HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow, HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Accessibility
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Cache
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!CalendarContact
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Certificates
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Check_If_Default
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Check_Associations
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Colors
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings, HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connwiz Admin Lock
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connwiz Admin Lock
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Fonts
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest, HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!FormSuggest
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords, HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!FormSuggest Passwords, HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest PW Ask
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History!DaysToKeep
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History!DaysToKeep
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage, HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Start Page
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Languages
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!links
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Messaging
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Profiles
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Ratings
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ResetWebSettings
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes
HKLM\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFindFiles
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchCustomization
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_HKLM_only
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_options_edit
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_zones_map_edit
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly
HKLM\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram
HKCU\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxySettingsPerUser
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!Locked-Down Internet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!Locked-Down Internet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!Internet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!Internet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!Locked-Down Intranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!Locked-Down Intranet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!Intranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!Intranet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!Locked-Down Local Machine Zone
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!Locked-Down Local Machine Zone
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!Local Machine Zone
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!Local Machine Zone
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!Locked-Down Restricted Sites
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!Locked-Down Restricted Sites
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!Restricted Sites
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!Restricted Sites
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!Locked-Down Trusted Sites
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!Locked-Down Trusted Sites
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!Trusted Sites
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!Trusted Sites
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Hover
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Visited
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Use Anchor Hover Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserClose
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserSaveAs
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileNew
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileOpen
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemSendFeedback
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemNetscapeHelp
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTipOfTheDay
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTutorial
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserContextMenu
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFavorites
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoOpeninNewWnd
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoSelectDownloadDir
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserOptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoTheaterMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoViewSource
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable AutoImageResize
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Images
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Show image placeholders
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer!SmartDithering
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DocumentLimit
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Print_Background
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove
HKLM\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved), HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!explorer.exe, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt, HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DEPOff
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe
HKCU\Software\Policies\Microsoft\IEAK!NoAutomaticSignup
HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader
HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled
HKCU\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Back, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Forward, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Stop, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Refresh, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Home, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Search, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Favorites, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_History, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Folders, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Fullscreen, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Tools, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_MailNews, HKCU\
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb
HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons
HKLM\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar
HKCU\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Interval
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Page
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall
HKLM\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall
HKCU\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall
HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities
HKCU\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities
HKLM\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly
HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAutoUpgrade
HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports
HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureiSNSServers
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargetPortals
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargets
HKLM\Software\Policies\Microsoft\Windows\iSCSI!NewStaticTargets
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeIQNName
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RestrictAdditionalLogins
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeCHAPSecret
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireIPSec
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireMutualCHAP
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireOneWayCHAP
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EmitLILI
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!ForestSearchList
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableCbacAndArmor, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!CbacAndArmorLevel
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!TicketSizeThreshold
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\domain_realm
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\MitRealms
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!KdcValidation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!ForestSearchList
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!StrictTargetContext
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\KdcProxy\ProxyServers
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!NoRevocationCheck
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!RequireFast
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled, HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdEnabled
HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize, HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!MaxTokenSize
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!EnableCbacAndArmor
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashPublicationForPeerCaching
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashSupportVersion
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!EnabledScenarioExecutionLevel
HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowLLTDIOOnDomain, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowLLTDIOOnPublicNet, HKLM\Software\Policies\Microsoft\Windows\LLTD!ProhibitLLTDIOOnPrivateNet
HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowRspndrOnDomain, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowRspndrOnPublicNet, HKLM\Software\Policies\Microsoft\Windows\LLTD!ProhibitRspndrOnPrivateNet
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableWindowsLocationProvider
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonType
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon!SyncForegroundPolicy
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStatusMessages
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!VerboseStatus
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideFastUserSwitching
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStartupSound
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableFirstLogonAnimation
HKLM\Software\Policies\Microsoft\Windows\System!UseOEMBackground
HKLM\Software\Policies\Microsoft\Windows\System!DontEnumerateConnectedUsers
HKLM\Software\Policies\Microsoft\Windows\System!EnumerateLocalUsers
HKLM\Software\Policies\Microsoft\Windows\System!DisableLockScreenAppNotifications
HKCU\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter
HKLM\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter
HKCU\Software\Policies\Microsoft\MMC!RestrictAuthorMode
HKCU\Software\Policies\Microsoft\MMC!RestrictToPermittedSnapins
HKCU\Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1AA7F83C-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1F5EEC01-1214-4D94-80C5-4BDCD2014DDD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3F276EB4-70EE-11D1-8A0F-00C04FB93753}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE450B-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9EC88934-C774-11d1-87F4-00C04FC2C17B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4502-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{634BDE40-E5E1-49A1-B2CD-140FFFC830F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2E19B602-48EB-11d2-83CA-00104BCA42CF}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90810502-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{6E8E0081-19CD-11D1-AD91-00AA00B8E05A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{6d8880af-e518-43a8-986c-1ad21c4c976e}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{34AB8E82-C27E-11D1-A6C0-00C04FB94F17}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5880CD5C-8EC0-11d1-9570-0060B0576642}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{243E20B0-48ED-11D2-97DA-00A024D77700}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DAB1A262-4FD7-11D1-842C-00C04FB6C218}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B1AFF7D0-0C49-11D1-BB12-00C04FC9A3A3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{58221C69-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{03f1f940-a0f2-11d0-bb77-00aa00a1eab7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7AF60DD3-4979-11D1-8A6C-00C04FC33566}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run, HKCU\Software\Policies\Microsoft\MMC\{D02B1F72-3407-48ae-BA88-E8213C6761F1}!Restrict_Run, HKCU\Software\Policies\Microsoft\MMC\{84DE202D-5D95-4764-9014-A46F994CE856}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run, HKCU\Software\Policies\Microsoft\MMC\{D02B1F73-3407-48ae-BA88-E8213C6761F1}!Restrict_Run, HKCU\Software\Policies\Microsoft\MMC\{84DE202E-5D95-4764-9014-A46F994CE856}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3060E8CE-7020-11D2-842D-00C04FA372D4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B6664F-4972-11D1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66650-4972-11D1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{942A8E4F-A261-11D1-A760-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{06993B16-A5C7-47EB-B61C-B1CB7EE600AC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2DA6AA7F-8C88-4194-A558-0D36E7FD3E64}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AE-EF3A-41C8-A911-37370C331DD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AF-EF3A-41C8-A911-37370C331DD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{c40d66a0-e90c-46c6-aa3b-473e38c72bf2}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{d524927d-6c08-46bf-86af-391534d779d3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66660-4972-11d1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66661-4972-11d1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{fe883157-cebd-4570-b7a2-e4fe06abe626}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7E45546F-6D52-4D10-B702-9C2E67232E62}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{de751566-4cc6-11d1-8ca0-00c04fc297eb}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A994E107-6854-4F3D-917C-E6F01670F6D3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{74246bfc-4c96-11d0-abef-0020af6b0b7a}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{43668E21-2636-11D1-A1CE-0080C88593A5}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{D2779945-405B-4ACE-8618-508F3E3054AC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FF5903A8-78D6-11D1-92F6-006097B01056}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{89cc9588-7628-4d29-8e4a-6550d0087059}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA2-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{57C596D0-9370-40C0-BA0D-AB491B63255D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{18BA7139-D98B-43c2-94DA-2604E34E175D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{6630f2d7-bd52-4072-bfa7-863f3d0c5da0}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3D5D035E-7721-4B83-A645-6C07A3D403B7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{45ac8c63-23e2-11d1-a696-00c04fd58bc3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{23DC5869-BD9F-46fd-AADD-1F869BA64FC3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9FE24B92-C23D-451c-8045-73038D99E620}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C11D2F3B-E2F4-4e5b-824B-84A87AB0F666}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc35-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc37-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{dbfca500-8c31-11d0-aa2c-00a0c92749a3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{813C1B01-6624-4922-9C6C-03C315646584}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f9f63d92-6225-410b-bb02-26239b8f1f59}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{671ee405-c969-4af9-ad1b-65e96b3b9a10}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f78fbadd-c21a-4e0a-b53d-c879a9c8f002}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46c-1297-4474-9cdf-831ebb245f49}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46e-1297-4474-9cdf-831ebb245f49}!Restrict_Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Activation Boundary
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Random Delay
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!WakeUp
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!DisableQueryRemoteServer
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!EnabledScenarioExecutionLevel
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownBrowse
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownMedia
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownPatch
HKCU\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated
HKLM\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableAutomaticApplicationShutdown
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableBrowse
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableFlyweightPatching
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLoggingFromPackage
HKCU\Software\Policies\Microsoft\Windows\Installer!DisableMedia
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableMSI
HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatch
HKCU\Software\Policies\Microsoft\Windows\Installer!DisableRollback
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableRollback
HKLM\Software\Policies\Microsoft\Windows\Installer!EnableUserControl
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLUAPatching
HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatchUninstall
HKLM\Software\Policies\Microsoft\Windows\Installer!LimitSystemRestoreCheckpointing
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableUserInstalls
HKLM\Software\Policies\Microsoft\Windows\Installer!EnforceUpgradeComponentRules
HKLM\Software\Policies\Microsoft\Windows\Installer!MaxPatchCacheSize
HKLM\Software\Policies\Microsoft\Windows\Installer!Logging
HKLM\Software\Policies\Microsoft\Windows\Installer!SafeForScripting
HKCU\Software\Policies\Microsoft\Windows\Installer!SearchOrder
HKLM\Software\Policies\Microsoft\Windows\Installer!TransformsSecure
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableSharedComponent
HKLM\Software\Policies\Microsoft\Windows\Installer!MsiDisableEmbeddedUI
HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Qecs\79620!Enabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!SupportEmail
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!FriendlyName
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!ShowUI
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!NamePreferenceAllowed
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!PassiveMode
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes!Probe
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs!DTE
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\CustomCommands!CustomCommand
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!WebProbeUrl
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeHost
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeContent
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!SitePrefixes
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DomainLocationDeterminationUrl
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!DisablePassivePolling
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidPdcOnWan
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryInitialPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryMaximumPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryQuitTime
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundSuccessfulRefreshPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!dbFlag
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ExpectedDialupDelay
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!MaximumLogFileSize
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NegativeCachePeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveScriptsShareAccess
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NonBackgroundSuccessfulRefreshPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ScavengeInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteName
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveSysvolShareAccess
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowSingleLabelDnsDomain
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AutoSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsAvoidRegisterRecords
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsRefreshInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsTtl
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!GcSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvPriority
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvWeight
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NdncSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!UseDynamicDns
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!TryNextClosestSite
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ForceRediscoveryInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressTypeReturned
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowNT4Crypto
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!IgnoreIncomingMailslotMessages
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidFallbackNetbiosDiscovery
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressLookupOnPingBehavior
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!PingUrgencyMode
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AddRemoveComponents
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AdvancedSettings
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowAdvancedTCPIPConfig
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowNetBridge_NLA
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_ChangeBindState
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteAllUserConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DialupPrefs
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_EnableAdminProhibits
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_IpStateChecking
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanChangeProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanConnect
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_NewConnectionWizard
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_PersonalFirewallConfig
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasAllUserProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasChangeProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasConnect
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasMyProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameAllUserRasConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameLanConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameMyRasConnection
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_ShowSharedAccessUI
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_Statistics
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_StdDomainUserSetLocation
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_DoNotShowLocalOnlyIcon
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Force_Tunneling
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainProxies
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainLocalProxies
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainSubnets
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DProxiesAuthoritive
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DSubnetsAuthoritive
HKCU\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector
HKLM\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector
HKLM\Software\Policies\Microsoft\NetworkProjector!NetworkProjectionPortNo
HKLM\Software\Policies\Microsoft\Windows\NetCache!AlwaysPinSubFolders
HKCU\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders
HKLM\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders
HKCU\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions
HKLM\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions
HKLM\Software\Policies\Microsoft\Windows\NetCache!DefCacheSize
HKLM\Software\Policies\Microsoft\Windows\NetCache!Enabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!EncryptCache
HKCU\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel
HKLM\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel
HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludeExtensions
HKCU\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction
HKLM\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline
HKCU\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList
HKLM\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoReminders
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoReminders
HKLM\Software\Policies\Microsoft\Windows\NetCache!PurgeAtLogoff, HKLM\Software\Policies\Microsoft\Windows\NetCache!PurgeOnlyAutoCacheAtLogoff
HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes
HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes
HKCU\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds
HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkSpeed
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend
HKLM\Software\Policies\Microsoft\Windows\NetCache!EconomicalAdminPinning
HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled, HKLM\Software\Policies\Microsoft\Windows\NetCache\SlowLinkParams
HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit, HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimitUnpinned
HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncPeriodMin, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncMaxStartMin, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncIgnoreBlockOutAfterMin, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncBlockOutStartTime, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncBlockOutDurationMin, HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabledForForcedOffline
HKLM\Software\Policies\Microsoft\Windows\NetCache!OnlineCachingLatencyThreshold
HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludedFileTypes
HKCU\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncEnabledForCostedNetwork
HKLM\Software\policies\Microsoft\Peernet!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer, HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DontIncludeMicrosoftSeedServer
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer
HKLM\Software\policies\Microsoft\Peernet!IgnoreDomainPasswordPolicyForNewGroups
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ParentalControls!WPCEnableOnDomain
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePcaUI
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service!Enable
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication!SizePercent
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection!Location
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching!Enable
HKLM\Software\Policies\Microsoft\Windows\NetCache!PeerCachingLatencyThreshold
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Discovery!SCPDiscoveryEnabled
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service\Versioning!PreferredContentInformationVersion
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\MultipleServers
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Retrieval!SegmentTTL
HKCU\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining
HKLM\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining
HKLM\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!PerfCplEnabled
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!PerfCplEnabled
HKLM\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!SolutionsEnabled
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!SolutionsEnabled
HKLM\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!UpsellEnabled
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel!UpsellEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{186f47ef-626c-4670-800a-4a30756babad}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled
HKLM\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170a!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme
HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme
HKCU\Software\Policies\Microsoft\Windows\System\Power!PromptPasswordOnResume
HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!DCSettingIndex
HKLM\Software\Policies\Microsoft\Windows NT!DontPowerOffAfterShutdown
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00!DCSettingIndex
HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts, HKLM\Software\Policies\Microsoft\Windows\PowerShell!ExecutionPolicy
HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts, HKCU\Software\Policies\Microsoft\Windows\PowerShell!ExecutionPolicy
HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging, HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames
HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging, HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames
HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath, HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!DefaultSourcePath
HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath, HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!DefaultSourcePath
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries
HKLM\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPrinting
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ApplicationDriverIsolation
HKLM\Software\Policies\Microsoft\Windows NT\Printers!SupportLink
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainADprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainIPprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainWSDprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainBluetoothprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainShareprinters
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Downlevel Browse
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceCSREMFDespooling
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceSoftwareRasterization
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Printers Page URL
HKLM\Software\Policies\Microsoft\Windows NT\Printers!KMPrintersAreBlocked
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAddPrinter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDeletePrinter
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainIPprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainWSDprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainBluetoothprinters, HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainShareprinters
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint\ListofServers
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint\ListofServers
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocation
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocationSupport
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!TrustedServers, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!ServerList, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!InForest, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!NoWarningNoElevationOnInstall, HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!UpdatePromptSettings
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!TrustedServers, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!ServerList, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!InForest, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!NoWarningNoElevationOnInstall, HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!UpdatePromptSettings
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Default Search Scope
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ServerThread
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationExecutionPolicy
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationOverrideCompat
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows NT\Printers!V4DriverDisallowPrinterExtension
HKLM\Software\Policies\Microsoft\Windows NT\Printers!MXDWUseLegacyOutputFormatMSXPS
HKLM\Software\Policies\Microsoft\Windows NT\Printers!RegisterSpoolerRemoteRpcEndPoint
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Auto Publishing
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruneDownlevel
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningInterval
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningPriority
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetries
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetryLog
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PublishPrinters
HKLM\Software\Policies\Microsoft\Windows NT\Printers!VerifyPublishedState
HKLM\Software\Policies\Microsoft\Windows NT\Printers!Immortal
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsCPL
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsAndFeatures
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoInstalledUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoDefaultPrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsMarketplace
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoGetPrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsFeatures
HKLM\Software\Policies\Microsoft\Windows\PswdSync!LoggingLevel
HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state, HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries
HKLM\Software\Policies\Microsoft\Windows\PswdSync!SNISPasswordSyncEnable
HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state, HKLM\Software\Policies\Microsoft\Windows\PswdSync!Update Retry Interval
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeQualitative
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeQualitative
HKLM\Software\Policies\Microsoft\Windows\Psched!MaxOutstandingSends
HKLM\Software\Policies\Microsoft\Windows\Psched!NonBestEffortLimit
HKLM\Software\Policies\Microsoft\Windows\Psched!TimerResolution
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNonConforming
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeQualitative
HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI!WMIEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!EnabledScenarioExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE!DisableSetup
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled, HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampInterval
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeShutdownErrs
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!SnapShot
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn, HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonUI
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!LoggingEnabled
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!CreateEncryptedOnlyTickets
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!OptimizeBandwidth
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!ShareControlMessage, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!ViewMessage
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowFullControl, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!MaxTicketExpiry, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!MaxTicketExpiryUnits, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fUseMailto
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicitedFullControl, HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state, HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state, HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read, HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read\List
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read, HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read\List
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write, HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write\List
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write, HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write\List
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read, HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read, HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write, HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write, HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!AllowRemoteDASD
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation, HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInfoExceptions
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!IgnoreDelegationFailure
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!MinimumConnectionTimeout
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!StateInformation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!MaxGPOScriptWait
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLegacyLogonScripts
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogoffScripts
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogonScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunComputerPSScriptsFirst
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunUserPSScriptsFirst
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunUserPSScriptsFirst
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideShutdownScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunStartupScriptSync
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideStartupScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!Allow-LogonScript-NetbiosDisabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!ValidateTrust
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!EnableDiagnostics
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!EnableQueryRemoteServer
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution, HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecutionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableBackoff
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventRemoteQueries
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexOnBattery
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowUsingDiacritics
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AlwaysUseAutoLangDetection
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AutoIndexSharedFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!FavoriteLocations
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventUsingAdvancedIndexingOptions
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOfflineFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingUncachedExchangeFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableIndexingDelegateMailboxes
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxesValue
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOutlook
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingEmailAttachments
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!RichAttachmentPreviews
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingPublicFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DataDirectory
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PrimaryIntranetSearchScopeUrl
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SecondaryIntranetSearchScopeUrl
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreviewPaneLocation
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SearchResultIconSize
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingLowDiskSpaceMB
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventUnwantedAddins
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableWebSearch
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline1, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline2, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline3
HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer!DisableSearchHistory
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Estonian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Latvian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Lithuanian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Albanian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Croatian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Czech, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Hungarian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Polish, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Romanian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SerbianLatin, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Slovak, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Slovenian, HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!Bulgarian, HKLM\SOFTWARE\Policies\Microsoft\Win
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!OCREveryPage
HKLM\Software\Policies\Microsoft\Windows NT\Security Center!SecurityCenterInDomain
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting
HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!DoNotOpenAtLogon
HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled, HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshInterval
HKLM\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks!DoNotOpenAtLogon
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYS!DisableShowAtLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing!LocalSourcePath, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing!UseWindowsUpdate, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing!RepairContentServerSource
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync, HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSyncUserOverride
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSyncOnPaidNetwork
HKLM\Software\Policies\Microsoft\Windows NT\Setup!ServicePackSourcePath
HKLM\Software\Policies\Microsoft\Windows NT\Setup!SourcePath
HKLM\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing
HKCU\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing
HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishDfsRoots
HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishSharedFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInplaceSharing
HKLM\Software\Policies\Microsoft\Windows\HomeGroup!DisableHomeGroup
HKCU\Software\Policies\Microsoft\Windows\System!DisableCMD
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictWelcomeCenter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets
HKCU\Software\Policies\Microsoft\Windows\SideShow!DeleteDataOnLogoff
HKLM\Software\Policies\Microsoft\Windows\SideShow!DeleteDataOnLogoff
HKCU\Software\Policies\Microsoft\Windows\SideShow!Disabled
HKLM\Software\Policies\Microsoft\Windows\SideShow!Disabled
HKCU\Software\Policies\Microsoft\Windows\SideShow!AutoWakeDisabled
HKLM\Software\Policies\Microsoft\Windows\SideShow!AutoWakeDisabled
HKCU\Software\Policies\Microsoft\Windows\SideShow!SetPIN, HKCU\Software\Policies\Microsoft\Windows\SideShow!PIN, HKCU\Software\Policies\Microsoft\Windows\SideShow!PINTimeout
HKLM\Software\Policies\Microsoft\Windows\SideShow!SetPIN, HKLM\Software\Policies\Microsoft\Windows\SideShow!PIN, HKLM\Software\Policies\Microsoft\Windows\SideShow!PINTimeout
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowCertificatesWithNoEKU
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowIntegratedUnblock
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!FilterDuplicateCerts
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ForceReadingAllCertificates
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowSignatureOnlyKeys
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowTimeInvalidCertificates
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!CertPropEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!RootCertificateCleanupOption
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!EnableRootCertificatePropagation
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!IntegratedUnblockPromptString
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ReverseSubject
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!DisallowPlaintextPin
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!X509HintsNeeded
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!EnableScPnP
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!ScPnPNotification
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!EnumerateECCCerts
HKLM\Software\Policies\Microsoft\Windows\Server for NIS!LoggingLevel
HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state, HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval
HKLM\Software\Policies\SNMP\Parameters\ValidCommunities
HKLM\Software\Policies\SNMP\Parameters\PermittedManagers
HKLM\Software\Policies\SNMP\Parameters\TrapConfiguration\public
HKCU\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec
HKLM\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!EnableManualUX
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!CentralClassificationList
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!ErrorMessage, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!EmailMessage, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!AllowEmailRequests, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!PutDataOwnerOnTo, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!PutAdminOnTo, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!IncludeDeviceClaims, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!IncludeUserClaims, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!GenerateLog, HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!AdditonalEmailTo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!EnableShellExecuteFileStreamCheck
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentProgForNewUserInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyGames
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchComputerLinkInStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchEverywhereLinkInStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!AddSearchInternetLinkInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchFilesInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchInternetInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchProgramsInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchCommInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserFolderInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceRunOnStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!QuickLaunchEnabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentDocsOnExit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceStartMenuLogOff
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!GreyMSIAds
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Intellimenus
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LockTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MemCheckBoxInRunDlg
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoTrayNotify
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMBalloonTip
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!ClearTilesOnExit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoClose
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCommonGroups
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFavoritesMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFind
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMFUprogramsList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMHelp
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInstrumentation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMorePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetworkConnections
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuPinnedList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveSearch
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveTrack
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMConfigurePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyDocs
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyMusic
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuNetworkPlaces
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyPictures
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuSubFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSimpleStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideClock
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTaskGrouping
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarsOnTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayItemsDisplay
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserNameInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWindowsUpdate
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuEjectPC
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!StartMenuLogOff
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuHomegroup
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuDownloads
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuRecordedTV
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuVideos
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUninstallFromStart
HKCU\Software\Policies\Microsoft\Windows\Explorer!PowerButtonAction
HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowRunAsDifferentUserInStart
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM!AccountingEnabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM!EmailIds
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM!RecordWriteInterval
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM!SMTPServer
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableConfig
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableSR
HKCU\software\policies\microsoft\TabletTip\1.7!DisableACIntegration
HKLM\software\policies\microsoft\TabletTip\1.7!DisableACIntegration
HKCU\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget
HKLM\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget
HKCU\software\policies\microsoft\TabletTip\1.7!HideIPTIPTarget
HKLM\software\policies\microsoft\TabletTip\1.7!HideIPTIPTarget
HKCU\software\policies\microsoft\TabletTip\1.7!HideIPTIPTouchTarget
HKLM\software\policies\microsoft\TabletTip\1.7!HideIPTIPTouchTarget
HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState, HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurity
HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState, HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurity
HKCU\software\policies\microsoft\TabletTip\1.7!PRCGesture
HKLM\software\policies\microsoft\TabletTip\1.7!PRCGesture
HKCU\software\policies\microsoft\TabletTip\1.7!IncludeRareChar
HKLM\software\policies\microsoft\TabletTip\1.7!IncludeRareChar
HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOutState, HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOut
HKLM\software\policies\microsoft\TabletTip\1.7!ScratchOutState, HKLM\software\policies\microsoft\TabletTip\1.7!ScratchOut
HKCU\software\policies\microsoft\TabletTip\1.7!DisablePrediction
HKLM\software\policies\microsoft\TabletTip\1.7!DisablePrediction
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAPower
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCANetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAVolume
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAHealth
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarLockAll
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoAddRemoveToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoDragToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoNotification
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoRedock
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoResize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoThumbnail
HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoPinnedList
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSystraySystemPromotion
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoBalloonFeatureAdvertisements
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoRemoteDestinations
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToTaskbar
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToDestinations
HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoMultimon
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_RouterName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterNameResolutionInterval
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ServerName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_RefreshRate
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ClientPort
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_DefaultQualified
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState, HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientUrl
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableWsd
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableIPAutoConfigurationLimits
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowUnlistedRemotePrograms
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowDesktopCompositionOnServer
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ParticipateInLoadBalancing
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoFontSmoothing
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!VIPAdapter
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!PromptOnIPLeaseFail
HKLM\SOFTWARE\Policies\Microsoft\Windows\Session Manager\Quota System!EnableCpuQuota
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI!Enable
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!VirtualMode, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!PerApp
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!bEnumerateHWBeforeSW
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fServerEnableRDP8
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fClientDisableUDP
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MinEncryptionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPromptForPassword
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SecurityLayer
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UserAuthentication
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!CertTemplateName
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitLogonMethod, HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LogonMethod
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy, HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitUseProxy
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName, HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ProxyName
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAutoReconnect
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ColorDepth
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxMonitors
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxYResolution
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableForcibleLogoff
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveInterval
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicenseServers
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableTerminalServerTooltip
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicensingMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxInstanceCount
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDisconnect
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNTSecurity
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent!LogonWaitForPackageRegistration
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fSingleSessionPerUser
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram, HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram, HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WorkDirectory
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WorkDirectory
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fWritableTSCCPermTab
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDir, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirDrive
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFProfilePath
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFDontAppendUserNameToProfile
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MonitoringInterval, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ProfileDirectoryQuota
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fSecureLicensing
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fPreventLicenseUpgrade
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCam
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowedAudioQualityMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAudioCapture
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCcm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fForceClientLptDef
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableLPT
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisablePNPRedir
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCpm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver, HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!FallbackPrintDriverType
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableSmartCard
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEncryptRPCTraffic
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryActive
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryClusterName
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryExposeServerIP
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryLocation
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PromptForCredsOnClient
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AuthenticationLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxCompressionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!VisualExperiencePolicy
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fUsbRedirectionEnableMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate, HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CompressionRatio
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics
HKCU\SOFTWARE\Policies\Microsoft\Workspaces!DefaultConnectionURL
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fClientDisableUDP
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableThumbnails
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableThumbnailsOnNetworkFolders
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableThumbsDBOnNetworkFolders
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffTouchInput
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffTouchInput
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPanning
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPanning
HKLM\Software\Policies\Microsoft\TPM!ActiveDirectoryBackup, HKLM\Software\Policies\Microsoft\TPM, HKLM\Software\Policies\Microsoft\TPM!RequireActiveDirectoryBackup
HKLM\Software\Policies\Microsoft\TPM!OSManagedAuthLevel
HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled, HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands\List
HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreDefaultList
HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreLocalList
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration, HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold, HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold, HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupLauncher
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupLauncher
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToDisk
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToDisk
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToNetwork
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToNetwork
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToOptical
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupToOptical
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupUI
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableBackupUI
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableRestoreUI
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableRestoreUI
HKCU\Software\Policies\Microsoft\Windows\Backup\Client!DisableSystemBackupUI
HKLM\Software\Policies\Microsoft\Windows\Backup\Client!DisableSystemBackupUI
HKLM\Software\Policies\Microsoft\Windows\System!AddAdminGroupToRUP
HKLM\Software\Policies\Microsoft\Windows\System!CompatibleRUPSecurity
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ConnectHomeDirToRoot
HKLM\Software\Policies\Microsoft\Windows\System!DeleteRoamingCache
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDetectEnabled
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkUIEnabled
HKCU\Software\Policies\Microsoft\Windows\System!ExcludeProfileDirs
HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ProfileQuotaMessage, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!MaxProfileSize, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!IncludeRegInProQuota, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!WarnUser, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!WarnUserTimeout
HKLM\Software\Policies\Microsoft\Windows\System!LocalProfile
HKLM\Software\Policies\Microsoft\Windows\System!ProfileDlgTimeOut
HKLM\Software\Policies\Microsoft\Windows\System!ProfileErrorAction
HKLM\Software\Policies\Microsoft\Windows\System!ProfileUnloadTimeout
HKLM\Software\Policies\Microsoft\Windows\System!ReadOnlyProfile
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkProfileDefault
HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate, HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkTimeOut
HKLM\Software\Policies\Microsoft\Windows\System!CleanupProfiles
HKCU\Software\Policies\Microsoft\Windows\System!CscSuspendDirs
HKLM\Software\Policies\Microsoft\Windows\System!DisableForceUnload
HKLM\Software\Policies\Microsoft\Windows\System!WaitForNetwork
HKLM\Software\Policies\Microsoft\Windows\System!MachineProfilePath
HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod, HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveInterval, HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveTime
HKLM\Software\Policies\Microsoft\Windows\System!AllowUserInfoAccess, HKLM\Software\Policies\Microsoft\Windows\System!AllowUserInfoAccess
HKLM\Software\Policies\Microsoft\Windows\System!PrimaryComputerEnabledRUP
HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation, HKLM\Software\Policies\Microsoft\Windows\System!HomeDir, HKLM\Software\Policies\Microsoft\Windows\System!HomeDirDrive
HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryBackup, HKLM\Software\Policies\Microsoft\FVE!RequireActiveDirectoryBackup, HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryInfoToStore
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryPassword, HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryDrive
HKLM\SOFTWARE\Policies\Microsoft\FVE!DefaultRecoveryFolderPath
HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethod
HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethodNoDiffuser
HKLM\Software\Policies\Microsoft\FVE!MorBehavior
HKLM\Software\Policies\Microsoft\FVE!UseEnhancedPin
HKLM\Software\Policies\Microsoft\FVE!OSPassphrase, HKLM\Software\Policies\Microsoft\FVE!OSPassphraseComplexity, HKLM\Software\Policies\Microsoft\FVE!OSPassphraseLength, HKLM\Software\Policies\Microsoft\FVE!OSPassphraseASCIIOnly
HKLM\Software\Policies\Microsoft\FVE!TPMAutoReseal
HKLM\Software\Policies\Microsoft\FVE!DisallowStandardUserPINReset
HKLM\Software\Policies\Microsoft\FVE!IdentificationField, HKLM\Software\Policies\Microsoft\FVE!IdentificationFieldString, HKLM\Software\Policies\Microsoft\FVE!SecondaryIdentificationField
HKLM\Software\Policies\Microsoft\FVE!CertificateOID
HKLM\Software\Policies\Microsoft\FVE!OSUseEnhancedBcdProfile, HKLM\Software\Policies\Microsoft\FVE, HKLM\Software\Policies\Microsoft\FVE!OSBcdAdditionalSecurityCriticalSettings, HKLM\Software\Policies\Microsoft\FVE!OSBcdAdditionalExcludedSettings
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecovery, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageDRA, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecoveryPassword, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecoveryKey, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHideRecoveryPage, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRequireActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSActiveDirectoryInfoToStore
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableNonTPM, HKLM\SOFTWARE\Policies\Microsoft\FVE!UsePartialEncryptionKey, HKLM\SOFTWARE\Policies\Microsoft\FVE!UsePIN
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAdvancedStartup, HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableBDEWithNoTPM, HKLM\SOFTWARE\Policies\Microsoft\FVE!UseTPMKey, HKLM\SOFTWARE\Policies\Microsoft\FVE!UseTPMPIN, HKLM\SOFTWARE\Policies\Microsoft\FVE!UseTPMKeyPIN, HKLM\SOFTWARE\Policies\Microsoft\FVE!UseTPM
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageNKP
HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!Enabled, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!0, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!1, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!2, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!3, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!4, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!5, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!6, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!7, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!8, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!9, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!10, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!11, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!12, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!13, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!14, HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!15, HKLM\SOF
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!0, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!1, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!2, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!3, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!4, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!5, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!6, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!7, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!8, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!9, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!10, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!11, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!12, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!13, HKLM\SOFTWARE\Policies\
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!0, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!1, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!2, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!3, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!4, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!5, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!6, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!7, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!8, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!9, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!10, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!11, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!12, HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!13, HKLM\SOFTWARE\Policies\
HKLM\Software\Policies\Microsoft\FVE!MinimumPIN
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSAllowSoftwareEncryptionFailover, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRestrictHardwareEncryptionAlgorithms, HKLM\SOFTWARE\Policies\Microsoft\FVE!OSAllowedHardwareEncryptionAlgorithms
HKLM\Software\Policies\Microsoft\FVE!OSEnablePrebootInputProtectorsOnSlates
HKLM\Software\Policies\Microsoft\FVE!OSAllowSecureBootForIntegrity
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecovery, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecoveryPassword, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecoveryKey, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVManageDRA, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHideRecoveryPage, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRequireActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVActiveDirectoryInfoToStore
HKLM\Software\Policies\Microsoft\FVE!FDVPassphrase, HKLM\Software\Policies\Microsoft\FVE!FDVEnforcePassphrase, HKLM\Software\Policies\Microsoft\FVE!FDVPassphraseComplexity, HKLM\Software\Policies\Microsoft\FVE!FDVPassphraseLength
HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess
HKLM\Software\Policies\Microsoft\FVE!FDVDiscoveryVolumeType, HKLM\Software\Policies\Microsoft\FVE!FDVNoBitLockerToGoReader
HKLM\Software\Policies\Microsoft\FVE!FDVAllowUserCert, HKLM\Software\Policies\Microsoft\FVE!FDVEnforceUserCert
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardwareEncryption, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVAllowSoftwareEncryptionFailover, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRestrictHardwareEncryptionAlgorithms, HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVAllowedHardwareEncryptionAlgorithms
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecovery, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecoveryPassword, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecoveryKey, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVManageDRA, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHideRecoveryPage, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRequireActiveDirectoryBackup, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVActiveDirectoryInfoToStore
HKLM\Software\Policies\Microsoft\FVE!RDVConfigureBDE, HKLM\Software\Policies\Microsoft\FVE!RDVAllowBDE, HKLM\Software\Policies\Microsoft\FVE!RDVDisableBDE
HKLM\Software\Policies\Microsoft\FVE!RDVPassphrase, HKLM\Software\Policies\Microsoft\FVE!RDVEnforcePassphrase, HKLM\Software\Policies\Microsoft\FVE!RDVPassphraseComplexity, HKLM\Software\Policies\Microsoft\FVE!RDVPassphraseLength
HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess, HKLM\Software\Policies\Microsoft\FVE!RDVDenyCrossOrg
HKLM\Software\Policies\Microsoft\FVE!RDVDiscoveryVolumeType, HKLM\Software\Policies\Microsoft\FVE!RDVNoBitLockerToGoReader
HKLM\Software\Policies\Microsoft\FVE!RDVAllowUserCert, HKLM\Software\Policies\Microsoft\FVE!RDVEnforceUserCert
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardwareEncryption, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVAllowSoftwareEncryptionFailover, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRestrictHardwareEncryptionAlgorithms, HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVAllowedHardwareEncryptionAlgorithms
HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate, HKLM\Software\Policies\Microsoft\W32Time\Config!HoldPeriod, HKLM\Software\Policies\Microsoft\W32Time\Config!LargePhaseOffset, HKLM\Software\Policies\Microsoft\W32Time\Config!MaxAllowedPhaseOffset, HKLM\Software\Policies\Microsoft\W32Time\Config!MaxNegPhaseCorrection, HKLM\Software\Policies\Microsoft\W32Time\Config!MaxPosPhaseCorrection, HKLM\Software\Policies\Microsoft\W32Time\Config!PhaseCorrectRate, HKLM\Software\Policies\Microsoft\W32Time\Config!PollAdjustFactor, HKLM\Software\Policies\Microsoft\W32Time\Config!SpikeWatchPeriod, HKLM\Software\Policies\Microsoft\W32Time\Config!UpdateInterval, HKLM\Software\Policies\Microsoft\W32Time\Config!AnnounceFlags, HKLM\Software\Policies\Microsoft\W32Time\Config!EventLogFlags, HKLM\Software\Policies\Microsoft\W32Time\Config!LocalClockDispersion, HKLM\Software\Policies\Microsoft\W32Time\Config!MaxPollInterval, HKLM\Software\Policies\Microsoft\W32Time\Config!MinPollInterval, HKLM\Software\Policies\Mic
HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer, HKLM\Software\Policies\Microsoft\W32time\Parameters!Type, HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!CrossSiteSyncFlags, HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMinutes, HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMaxTimes, HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!SpecialPollInterval, HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!EventLogFlags
HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!Enabled
HKLM\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServer!Enabled
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockNonDomain
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fMinimizeConnections
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockRoaming
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fDisablePowerManagement
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DirSizeLimit
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled, HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!EnabledScenarioExecutionLevel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!OnlySystemBackup
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToDisk
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToNetwork
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToOptical
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoRunNowBackup
HKCU\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall
HKLM\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall
HKCU\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi
HKLM\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!DisableUPnPRegistrar, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!DisableInBand802DOT11Registrar, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!DisableFlashConfigRegistrar, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!DisableWPDRegistrar, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!MaxWCNDeviceNumber, HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!HigherPrecedenceRegistrar
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!CheckForSignaturesBeforeRunningScan
HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware
HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet!SpyNetReporting, HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet!SpyNetReporting
HKLM\Software\Policies\Microsoft\Windows Defender\Real-time Protection!DisableRealtimeMonitoring
HKLM\Software\Policies\Microsoft\Windows Defender!DisableRoutinelyTakingAction
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoBackButton
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoFileMru
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoPlacesBar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place1, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place2, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place3, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place4
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClassicShell
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ConfirmFileDelete
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!EnforceShellExtensionSecurity
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LinkResolveIgnoreLinkInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MaxRecentDocs
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThumbnailCache
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCDBurning
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeAnimation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeKeyboardNavigationIndicators
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDFSTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDrives
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network!NoEntireNetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFileMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoHardwareTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoManageMyComputerVerb
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSharedDocuments
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetConnectDisconnect
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecycleFiles
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRunasInstallPrompt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSecurityTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoShellSearchButton
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewOnDrive
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWinKeys
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoComputersNearMe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PromptRunasInstallNetPath
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RecycleBinSize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchInternetTryHarderButton
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearch0, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearchLabel0, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearch1, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearchLabel1, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearch2, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearchLabel2, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearch3, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearchLabel3, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearch4, HKCU\Software\Policies\Microsoft\Windows\Explorer!OpenSearchLabel4
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary, HKCU\Software\Policies\Microsoft\Windows\Explorer!Library0, HKCU\Software\Policies\Microsoft\Windows\Explorer!Library1, HKCU\Software\Policies\Microsoft\Windows\Explorer!Library2, HKCU\Software\Policies\Microsoft\Windows\Explorer!Library3, HKCU\Software\Policies\Microsoft\Windows\Explorer!Library4
HKLM\Software\Policies\Microsoft\Windows\Explorer!CheckSameSourceAndTargetForFRAndDFS
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders, HKCU\Software\Policies\Microsoft\Windows\Explorer\DisableKnownFolders
HKCU\Software\Policies\Microsoft\Windows\Explorer!HideContentViewModeSnippets
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableIndexedLibraryExperience
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableSearchBoxSuggestions
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F
HKLM\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation
HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation
HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen, HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowLockOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowSleepOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowHibernateOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoNewAppAlert
HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized, HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized, HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
HKLM\Software\Policies\Microsoft\Windows\System!DefaultAssociationsConfiguration
HKLM\Software\Policies\Microsoft\Windows\Explorer!EnableShellShortcutIconRemotePath
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SFCDllCacheDir
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcQuota
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcScan
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcShowProgress
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundSourceQuench, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowRedirect, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundEchoRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundRouterRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundTimeExceeded, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundParameterProblem, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundTimestampRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundMaskRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundPacket
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFilePath, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFileSize
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableNotifications
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundSourceQuench, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowRedirect, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundEchoRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundRouterRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundTimeExceeded, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundParameterProblem, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundTimestampRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundMaskRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFilePath, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFileSize
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableNotifications
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!RemoteAddresses
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableUnicastResponsesToMulticastBroadcast
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!RemoteAddresses
HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed
HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed
HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities
HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities
HKLM\Software\Policies\Microsoft\WMDRM!DisableOnline
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DisableAutoUpdate
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!GroupPrivacyAcceptance
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DontUseFrameInterpolation
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCDDVDMetadataRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!PreventLibrarySharing
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventMusicFileMetadataRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!QuickLaunchShortcut
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventRadioPresetsRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DesktopShortcut
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!EnableScreenSaver
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCodecDownload
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!DoNotShowAnchor
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HidePrivacyTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideSecurityTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!DefaultSkin
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyType, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyAddress, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPort, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!BypassProxyLocal, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ExludeFromProxy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyType, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyAddress, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPort, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!BypassProxyLocal, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ExludeFromProxy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyType, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyAddress, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPort, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!BypassProxyLocal, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ExludeFromProxy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideNetworkTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!BufferingType, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBuffering
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!Multicast, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!UDP, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!UDPPorts, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!TCP, HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!HTTP
HKLM\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun
HKCU\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun
HKLM\Software\Policies\Microsoft\Messenger\Client!PreventRun
HKCU\Software\Policies\Microsoft\Messenger\Client!PreventRun
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowBasic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowUnencryptedTraffic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowDigest
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowNegotiate
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowKerberos
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowCredSSP
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts, HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHostsList
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig, HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!IPv4Filter, HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!IPv6Filter
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!HttpCompatibilityListener
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!HttpsCompatibilityListener
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowBasic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowUnencryptedTraffic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!DisableRunAs
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowNegotiate
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowKerberos
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowCredSSP
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!CBTHardeningLevelStatus, HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!CbtHardeningLevel
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!AllowRemoteShellAccess
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!IdleTimeout, HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxConcurrentUsers
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxMemoryPerShellMB
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxProcessesPerShell
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!ShellTimeOut
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxShellsPerUser
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccessMode
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AUOptions, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallDay, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!ScheduledInstallTime
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!WUServer, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!WUStatusServer
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequency
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ElevateNonAdmins
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AutoInstallMinorUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!IncludeRecommendedUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!EnableFeaturedSoftware
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AUPowerManagement
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeout
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeout
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTime
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroup
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!AcceptTrustedPublisherCerts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableShutdownNamedPipe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ShutdownSessionTimeout
HKLM\Software\Policies\Microsoft\Windows\System!HiberbootEnabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisplayLastLogonInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DontDisplayLogonHoursWarnings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonHoursAction
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!SoftwareSASGeneration
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ReportControllerMissing
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ReportControllerMissing
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Shell
HKLM\Software\Policies\Microsoft\Windows\System!AllowBlockingAppsAtShutdown
HKCU\Software\Policies\Microsoft\WindowsStore!RemoveWindowsStore
HKLM\Software\Policies\Microsoft\WindowsStore!RemoveWindowsStore
HKLM\Software\Policies\Microsoft\WindowsStore!EnableWindowsStoreOnWTG
HKLM\Software\Policies\Microsoft\WindowsStore\WindowsUpdate!AutoDownload
HKLM\Software\Policies\Microsoft\Windows\Wireless\NetCost!Cost
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SearchExtensions!InternetExtensionName, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SearchExtensions!InternetExtensionAction
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoTileApplicationNotification
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotification
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotificationOnLockScreen
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoCloudApplicationNotification
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost3G
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost4G
Supported On
At least Windows Vista
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2003
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows XP Professional with SP2
At least Windows 2000
Windows XP or Windows Server 2003, or computers with BITS 1.5 installed.
Windows XP SP2 or Windows Server 2003 SP1, or computers with BITS 2.0 installed.
Windows 7 or computers with BITS 3.5 installed.
Windows 8 or Windows Server 2012 or Windows RT or computers with BITS 5 installed.
at least Windows NetMeeting v3.0
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000 Service Pack 1
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP
At least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
At least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
Windows 2000 only
Windows Server 2003 and Windows XP only
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2
Windows Server 2008 with Desktop Experience installed or Windows Vista
Windows Server 2008 with Desktop Experience installed or Windows Vista
Windows XP Professional only

At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Internet Explorer 6 Service Pack 1
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 3
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2003 only
At least Internet Explorer 5.0
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista
Only Internet Explorer 4.0
Only Internet Explorer 5.0 through Internet Explorer 8.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 7.0. Not supported on Windows Vista
At least Internet Explorer 7.0 in Windows Vista
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive
Windows 2000 only
Windows 2000 only
Windows Server 2008 R2 and Windows 7
At least Windows Server 2003 R2

Windows Installer v4.0
Microsoft Windows XP or Windows 2000 with Windows Installer v2.0

Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Microsoft Windows XP Professional with SP2 and Windows Server 2003 family only
At least Windows Server 2003 operating systems Service Pack 1, Windows XP Professional Service Pack 2, or Windows 2000 Service Pack 5
At least Windows 7 or Windows Server 2008 R2*
Windows Vista only
Windows Vista only
Windows Vista only
Windows Vista only
At least Microsoft Windows 7 or Windows Server 2008 family
Supported Windows Vista through Windows 7
Windows 2000 only
Windows Server 2008 and Windows Vista
Supported Windows XP SP1 through Windows Server 2008 RTM
Windows Vista only
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 4.0 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows 8 or later
Any version of Microsoft Windows with Windows Search 4.0
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 4.0 or later
Microsoft Windows Vista or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Windows with Windows Search 4.0
Windows Server 2008 and Windows Server 2008 R2 operating systems only
Windows Vista only
At least Windows Vista Service Pack 1
Windows Vista only
Windows Vista only
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3
Windows Vista only
Windows Vista only
Windows Vista only
Windows Vista only
Windows Vista only
At least Windows Vista Service Pack 1
Windows Server 2008 R2 only
At least Windows Server 2012 with RDSH role installed
Windows 7 with Service Pack 1
At least Windows XP and Windows Server 2003 only
At least Windows Server 2003 with Service Pack 1
At least Windows 2000 Terminal Services
At least Windows 2000 Terminal Services
At least Windows 8 Enterprise or Windows Server 2012
Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
At least Windows Server 2008 or Windows 7
Windows Server 2003 with Service Pack 1 only
At least Windows Server 2003, Enterprise Edition
At least Windows Vista with Service Pack 1
Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only
At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service Pack 1
At least Windows 8 or Windows RT
Windows Vista Service Pack 1
Windows Vista only
Windows Vista only
At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 4
Windows Vista only
Windows Vista only
Windows Media Player 9 Series and later.
Windows Media Player 11 for Windows XP or Windows Media Player 11 for Windows Vista or later.
Windows Media Player for Windows XP and later.
Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2
At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT
Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1 , Windows 2000 SP4, Windows 2000 SP3
At least Windows Server 2003 operating systems or Windows XP Professional with SP1, excluding Windows RT
Help Text
This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. Note: Wild card characters cannot be used when specifying the host URLs.
This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones.
Specifies the category of programs that appears when users open the "Add New Programs" page.If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. Users can use the Category box on the "Add New Programs" page to display programs in other categories.To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New Programs" page opens.You can use this setting to direct users to the programs they are most likely to need.Note: This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add New Programs page" setting is enabled.
Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users.This setting does not prevent users from using other tools and methods to add or remove program components.Note: If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media, regardless of this setting.
Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users.This setting does not prevent users from using other tools and methods to connect to Windows Update.Note: If the "Hide Add New Programs page" setting is enabled, this setting is ignored.
Prevents users from viewing or installing published programs.This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them.Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.If you disable this settin
Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.The Add New Programs button lets users install programs published or assigned by a system administrator.If you disable this setting or do not configure it, the Add New Programs button is available to all users.This setting does not prevent users from using other tools and methods to install programs.
Prevents users from using Add or Remove Programs.This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus.Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.If you disable this setting or do not configure it, Add or Remove Programs is available to all users.When enabled, this setting takes precedence over the other settings in this folder.This setting does not prevent users from using other tools and methods to install or uninstall programs.
Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users.This setting does not prevent users from using other tools and methods to change program access or defaults.This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page.The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users.This setting does not prevent users from using other tools and methods to delete or uninstall programs.
Prevents users from using Add or Remove Programs to configure installed services.This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears.This setting does not prevent users from using other methods to configure services.Note: When "Set up services" does not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selected automatically, and the page is bypassed.To remove "Set up services" and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page
Removes links to the Support Info dialog box from programs on the Change or Remove Programs page.Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.If you disable this setting or do not configure it, the Support Info hyperlink appears.Note: Not all programs provide a support information hyperlink.
Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page.The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users.This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
This policy setting prevents a Federation Service in Active Directory Federation Services (AD FS) from being installed or run.If you enable this policy setting, installation of a Federation Service fails. If a Federation Service has already been installed, all requests made to it fail.If you disable or do not configure this policy setting, installation of a Federation Service is allowed and any installed Federation Service functions normally.Note: A Federation Service may be installed only on Windows Server 2008 Enterprise Edition or Windows Server 2008 Datacenter Edition.
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run.If the status is set to Disabled, the MS-DOS subsystem runs for all users on this computer.If the status is set to Not Configured, the OS fall
This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set.Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection has stopped for all applications, please reboot your machine.
The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applications they are using. If you disable or do not configure this policy setting, the Switchback will be turned on.Please reboot the system after changing the setting to ensure that your system accurately reflects those changes.
This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.Turning off the application compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue screen if an old anti-virus application is installed.)The Windows Resource Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installers and these applications may fai
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues. If you disable or do not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.Note: The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service mu
This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screen shots. Steps Recorder includes an option to turn on and off data collection.If you enable this policy setting, Steps Recorder will be disabled.If you disable or do not configure this policy setting, Steps Recorder will be enabled.
This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.If you enable this policy setting, the Inventory Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assistant is also disabled.If you disable or do not configure this policy setting, the Inventory Collector will be turned on.Note: This policy setting has no effect if the Customer Experience Improvement Program is turned off. The Inventory Collector will be off.
This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store.If you enable this policy setting, you can install any trusted app package. A trusted app package is one that is signed with a certificate chain that can be successfully validated by the local computer. This can include line-of-business app packages signed by the enterprise in addition to app packages that originate from the Windows Store.If you disable or do not configure this policy setting, you can only install trusted app packages that come from the Windows Store.
This policy setting allows you to manage the deployment operations of app packages when the user is logged in under special profiles.Deployment operation refers to adding, registering, staging, updating or removing an app package.Special profiles refer to profiles with the following types: mandatory, super-mandatory, temporary or system. Local and roaming profiles are not special profiles. When the user is logged in to a guest account, the profile type is temporary.If you enable this policy setting, the system allows deployment operations when the user is using a special profile.If you disable or do not configure this policy setting, the system blocks deployment operations when the user is using a special profile.
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a file. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a packaged app could compromise the system by launching a file in a desktop app. If you enable this policy setting, Windows prevents packaged apps from launching files that would open in a desktop app. When you enable this policy setting, packaged apps may only launch files that can be opened by another packaged app. If you disable or do not configure this policy setting, packaged apps could launch files that would open in a desktop app.
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a file. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a packaged app could compromise the system by launching a file in a desktop app. If you enable this policy setting, Windows prevents packaged apps from launching files that would open in a desktop app. When you enable this policy setting, packaged apps may only launch files that can be opened by another packaged app. If you disable or do not configure this policy setting, packaged apps could launch files that would open in a desktop app.
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a protocol. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a protocol launched by a packaged app could compromise the system by launching a desktop app. If you enable this policy setting, Windows prevents packaged apps from launching protocols that would be passed to a desktop app. When you enable this policy setting, packaged apps may only launch protocols that can be passed to another packaged app. If you disable or do not configure this policy setting, packaged apps could launch protocols that would be passed to a desktop app. Note: Enabling this policy setting will not block packaged apps from launching http, https, and mailto protocols that would be passed to a desktop app. The handlers for these protocols are accustomed to handling data from untrusted sources and are therefore hardened against protocol based vulnerabilities. The risk of allowing th
This policy setting allows you to minimize the risk involved when a packaged app launches the default app for a protocol. Because desktop apps run at a higher integrity level than packaged apps, there is a risk that a protocol launched by a packaged app could compromise the system by launching a desktop app. If you enable this policy setting, Windows prevents packaged apps from launching protocols that would be passed to a desktop app. When you enable this policy setting, packaged apps may only launch protocols that can be passed to another packaged app. If you disable or do not configure this policy setting, packaged apps could launch protocols that would be passed to a desktop app. Note: Enabling this policy setting will not block packaged apps from launching http, https, and mailto protocols that would be passed to a desktop app. The handlers for these protocols are accustomed to handling data from untrusted sources and are therefore hardened against protocol based vulnerabilities. The risk of allowing th
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example, trust notepad.exe, but don't trust .txt files.Preferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler.Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options.If you enable this policy setting, you can choose the order in which Windows processes risk assessment data.If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type.
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.If you enable this policy setting, Windows does not mark file attachments with their zone information.If you disable this policy setting, Windows marks file attachments with their zone information.If you do not configure this policy setting, Windows marks file attachments with their zone information.
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting, Windows hides the check box and Unblock button.If you disable this policy setting, Windows shows the check box and Unblock button.If you do not configure this policy setting, Windows hides the check box and Unblock button.
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments.High Risk: If the attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file.Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file.Low Risk: If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information.If you enable this policy setting, you can specify the default risk level for file types.If you disable this policy setting, Windows sets the default risk level to moderate.If you do not configure this policy setting, Windows sets the def
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).If you enable this policy setting, you can create a custom list of high-risk file types.If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk.If you do not configure this policy setting, Windows uses its built-in list of high-risk file types.
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high-risk file types built into Windows and has a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list).If you enable this policy setting, you can specify file types that pose a low risk.If you disable this policy setting, Windows uses its default trust logic.If you do not configure this policy setting, Windows uses its default trust logic.
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high-risk file types built into Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an extension is listed in more than one inclusion list).If you enable this policy setting, you can specify file types which pose a moderate risk.If you disable this policy setting, Windows uses its default trust logic.If you do not configure this policy setting, Windows uses its default trust logic.
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will prompt
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will prompt
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected. If you disable or do not configure this policy setting, AutoPlay remembers user's choice of what to do when a device is connected.
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting, AutoPlay prompts the user to choose what to do when a device is connected. If you disable or do not configure this policy setting, AutoPlay remembers user's choice of what to do when a device is connected.
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting, the Windows Biometric Service is available, and users can run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the "Allow users to log on using biometrics" policy setting.If you disable this policy setting, the Windows Biometric Service is unavailable, and users cannot use any biometric feature in Windows.Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.
This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the "Allow domain users to log on using biometrics" policy setting will need to be enabled for domain users to log on to the domain.If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and can elevate permissions with UAC using biometrics.If you disable this policy setting, biometrics cannot be used by any users to log on to a local Windows-based computer.Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.
This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default, domain users cannot use biometrics to log on. If you enable this policy setting, domain users can log on to a Windows-based domain-joined computer using biometrics. Depending on the biometrics you use, enabling this policy setting can reduce the security of users who use biometrics to log on.If you disable or do not configure this policy setting, domain users are not able to log on to a Windows-based computer using biometrics.Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.
This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default, a fast user switch event is active for 10 seconds before becoming inactive.If you enable this policy setting, you can configure the fast user switch event timeout to specify the number of seconds the event remains active. This value cannot exceed 60 seconds.If you disable or do not configure this policy setting, a default value of 10 seconds is used for fast-user switch event timeouts.
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk. Note: Any property changes to the job or any successful download action will reset this timeout. Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs. Consider decreasing this value if you are concerned about orphaned jobs occupying disk space. If you enable this policy setting, you can configure the inactive job timeout to specified number of days. If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit, the job is placed in the error state. By default BITS uses a maximum download time of 90 days (7,776,000 seconds). If you enable this policy setting, you can set the maximum job download time to a specified number of seconds. If you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers. (This policy setting does not affect foreground transfers.) You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this policy setting, BITS uses all available unused bandwidth. Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and nonwork days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours. If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low. You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. If you disable or do not configure this policy setting, BITS uses all avai
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers. If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule. If you disable or do not configure this policy setting, the limits defined for work or nonwork schedules will be used. Note: The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.
This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner. If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server. If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS p
This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days. If you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days. If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache. Note: This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not configured.
This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache. If you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent. If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size. Note: This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers). If you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers. If you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server. Note: This policy setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers). If you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers. If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers. Note: This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured.
This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching. If you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used. Note: This setting has no effect if the "Allow BITS pe
This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers. If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are: - Always transfer - Transfer unless roaming - Transfer unless surcharge applies (when not roaming or overcap) - Transfer unless nearing limi
This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs. If you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number. If you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs. Note: BITS jobs created by services and the local administrator account do not count toward this limit.
This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create. If you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number. If you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs. Note: This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit.
This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS jobs can contain. If you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number. If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain. Note: BITS Jobs created by services and the local administrator account do not count toward this limit.
This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file. If you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number. If you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file. Note: BITS Jobs created by services and the local administrator account do not count toward this limit.
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default. If you enable this policy setting, the BITS client does not use Windows Branch Cache. If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache. Note: This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.
This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted.If you enable this setting then Windows CEIP data uploaded will be tagged.If you do not configure this setting or disable it, then CEIP data will not be tagged with the Study Identifier.
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting, SSL cipher suites are prioritized in the order specified.If you disable or do not configure this policy setting, the factory default cipher suite order is used. SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 TLS_ECDHE_ECDSA
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since command prompts can be used to launch other applications.
Prevents users from sharing the whole desktop. They will still be able to share individual applications.
Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer windows can be used to launch other applications.
Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.
Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality, but older audio hardware may not support it.
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
Prevents users from receiving video. Users will still be able to send video provided they have the hardware."
Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
Make the automatic acceptance of incoming calls persistent.
Disables the Chat feature of NetMeeting.
Disables the T.126 whiteboard feature of NetMeeting.
Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
Configures NetMeeting to download settings for users each time it starts.The settings are downloaded from the URL listed in the "Configuration URL:" text box.Group Policy based settings have precedence over any conflicting settings set by downloading them from this URL.
Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.
Prevents users from changing the way calls are placed, either directly or via a gatekeeper server.
Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book."
Prevents users from receiving files from others in a conference.
Prevents users from sending files to others in a conference.
Prevents users from viewing directories as Web pages in a browser.
Limits the size of files users can send to others in a conference.
Sets the URL NetMeeting will display when the user chooses the Help Online Support command.
Sets the level of security for both outgoing and incoming NetMeeting calls.
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.
Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.
Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.Note: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Pa
This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Control Panel opens to the icon view.If this policy setting is disabled, the Control Panel opens to the category view.If this policy setting is not configured, the Control Panel opens to the view used in the last Control Panel session.Note: Icon size is dependent upon what the user has set it to in the previous session.
Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items.This setting removes Control Panel from:The Start screenFile ExplorerThis setting removes PC settings from:The Start screenSettings charmAccount pictureSearch resultsIf users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.
This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This setting affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.To display a Control Panel item, enable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.Note: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item does not have a CPL file, or the CPL file con
Disables the Display Control Panel.If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.
Removes the Settings tab from Display in Control Panel.This setting prevents users from using Control Panel to add, configure, or change the display settings on the computer.
Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available.This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Personalization or Display Control Panel.For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel.
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.
Enables desktop screen savers.If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options.If you do not configure it, this setting has no effect on the system.If you enable it, a screen saver runs, provided the following two conditions hold: First, a valid screen saver on the client is specified through the "Screen Saver executable name" setting or through Control Panel on the client computer. Second, the screen saver timeout is set to a nonzero value through the setting or Control Panel.Also, see the "Prevent changing Screen Saver" setting.
Specifies the screen saver for the user's desktop.If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from changing the screen saver.If you disable this setting or do not configure it, users can select any screen saver.If you enable this setting, type the name of the file that contains the screen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\System32 directory, type the fully qualified path to the file.If the specified screen saver is not installed on a computer to which this setting applies, the setting is ignored.Note: This setting can be superseded by the "Enable Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run.
Determines whether screen savers used on the computer are password protected.If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.This setting also disables the "Password protected" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password protection setting.If you do not configure this setting, users can choose whether or not to set password protection on each screen saver.To ensure that a computer will be password protected, enable the "Enable Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting.Note: To remove the Screen Saver dialog, use the "Prevent changing Screen Saver" setting.
Specifies how much user idle time must elapse before the screen saver is launched.When configured, this idle time can be set from a minimum of 1 second to a maximum of 86,400 seconds, or 24 hours. If set to zero, the screen saver will not be started.This setting has no effect under any of the following circumstances: - The setting is disabled or not configured. - The wait time is set to zero. - The "Enable Screen Saver" setting is disabled. - Neither the "Screen saver executable name" setting nor the Screen Saver dialog of the client computer's Personalization or Display Control Panel specifies a valid existing screen saver program on the client.When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.
Prevents users from adding or changing the background design of the desktop.By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.If you enable this setting, none of the Desktop Background settings can be changed by the user.To specify wallpaper for a group, use the "Desktop Wallpaper" setting.Note: You must also enable the "Desktop Wallpaper" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327998 for more information.Also, see the "Allow only bitmapped wallpaper" setting.
Prevents users from changing the sound scheme.By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.If you enable this setting, none of the Sound Scheme settings can be changed by the user.
Prevents users from changing the mouse pointers.By default, users can use the Pointers tab in the Mouse Control Panel to add, remove, or change the mouse pointers.If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
Prevents users from changing the desktop icons.By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.If you enable this setting, none of the desktop icons can be changed by the user.For systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel.
This setting forces the theme color scheme to be the default color scheme.If you enable this setting, a user cannot change the color scheme of the current desktop theme.If you disable or do not configure this setting, a user may change the color scheme of the current desktop theme.For Windows 7 and later, use the "Prevent changing color and appearance" setting.
This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting, users cannot change or save a theme. Elements of a theme such as the desktop background, color, sounds, and screen saver can still be changed (unless policies are set to turn them off).If you disable or do not configure this setting, there is no effect.Note: If you enable this setting but do not specify a theme using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting, the theme that you specify will be applied when a new user logs on for the first time. This policy does not prevent the user from changing the theme or any of the theme elements such as the desktop background, color, sounds, or screen saver after the first logon.If you disable or do not configure this setting, the default theme will be applied at the first logon.
Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP, this setting disables the "Windows and buttons" drop-down list on the Appearance tab in Display Properties.When enabled on Windows XP and later systems, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a different visual style when changing themes.
This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles), or a file located on a remote server using a UNC path (\\Server\Share\aero.msstyles).If you enable this setting, the visual style file that you specify will be used. Also, a user may not apply a different visual style when changing themes.If you disable or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization Control Panel is available).Note: If this setting is enabled and the file is not available at user logon, the default visual style is loaded.Note: When running Windows XP, you can select the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstylesNote: To select the Windows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows RT, you cannot apply the Window
Prevents users from changing the size of the font in the windows and buttons displayed on their screens.If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled. If you disable or do not configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
This policy setting controls whether the lock screen appears for users.If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC.If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse.
Prevents users from changing the background image shown when the machine is locked.By default, users can change the background image shown when the machine is locked.If you enable this setting, the user will not be able to change their lock screen image, and they will instead see the image set prior to enabling this setting.
Prevents users from changing the look of their start menu background, such as its color or accent.By default, users can change the look of their start menu background, such as its color or accent.If you enable this setting, the user will not be able to change the look of their start menu background, and they will instead see the start menu background set prior to enabling this setting.
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.If you disable or do not configure this policy setting, users will be able to customize their account pictures.
This policy setting specifies a default logon domain, which might be a different domain than the domain to which the computer is joined. Without this policy setting, at logon, if a user does not specify a domain for logon, the domain to which the computer belongs is assumed as the default domain. For example if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam. If you enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which the computer is joined. If you disable or do not configure this policy setting, the default logon domain is always set to the domain to which the computer is joined.
This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example, to support biometric authentication).If you enable this policy, an administrator can specify the CLSIDsof the credential providers to exclude from the set of installedcredential providers available for authentication purposes.If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
This policy setting allows you to control whether a domain user can sign in using a PIN.If you enable this policy setting, a domain user can set up and sign in with a PIN. If you disable or don't configure this policy setting, a domain user can't set up and use a PIN.Note that the user's domain password will be cached in the system vault when using this feature.
This policy setting allows you to control whether a domain user can sign in using a picture password.If you enable this policy setting, a domain user can't set up or sign in with a picture password. If you disable or don't configure this policy setting, a domain user can set up and use a picture password.Note that the user's domain password will be cached in the system vault when using this feature.
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.For Example:TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machineTERMSRV/* Remote Desktop Session Host running on
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via NTLM.If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.For Example:TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machineTERMSRV/* Remote Desktop Session Host running
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.Note: The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is permitted when specifying the SPN.For Example:TERMS
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via NTLM.If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.Note: The "Allow delegating fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.For
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via a trusted X509 certificate or Kerberos.If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).If you disable this policy setting, delegation of saved credentials is not permitted to any machine.Note: The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).This policy setting applies when server authentication was achieved via NTLM.If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.If you disable this policy setting, delegation of saved credentials is not permitted to any machine.Note: The "Allow delegating saved credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Nam
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.Note: The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.For Example:TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machineTERMSRV/* Remote Desktop Session Host running on all machines.TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fab
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.Note: The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.For Example:TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machineTERMSRV/* Remote Desktop Session Host running on all machines.TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresource
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection).If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.Note: The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.For Example:TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machineTERMSRV/* Remote Desktop Session Host running on all machines.TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .h
This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.If you disable this policy setting, users will always be required to type a user name and password to elevate.
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the users Windows credentials.Note: This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.If you disable or do not configure this policy setting, users will enter Windows credentials within the users desktop session, potentially allowing malicious code access to the users Windows credentials.
This policy setting allows you to configure the display of the password reveal button in password entry user experiences.If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
This policy setting allows you to configure the display of the password reveal button in password entry user experiences.If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
This policy setting prevents users from locking the system.While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.If you enable this policy setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del.If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del.Tip:To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this computer.
This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run.If you enable this policy setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.Also, see the 'Remove Logoff on the Start Menu' policy setting.If you disable or do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application id (appid) in the "Define Activation Security Check exemptions" policy (if enabled), DCOM will look for an entry in the locally configured list.If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list.If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy is not configured.
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors.If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0
Enables Active Desktop and prevents users from disabling it.This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.Note: If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
Disables Active Desktop and prevents users from enabling it.This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.Note: If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.
Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.This is a comprehensive setting that locks down the configuration you establish by using other policies in this folder. This setting removes the Web tab from Display in Control Panel. As a result, users cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, lock, or synchronize Active Desktop components.
Adds and deletes specified Web content items.You can use the "Add" box in this setting to add particular Web-based items or shortcuts to users' desktops. Users can close or delete the items (if settings allow), but the items are added again each time the setting is refreshed.You can also use this setting to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each time the setting is refreshed.Note: Removing an item from the "Add" list for this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply not added again.Note: For this setting to take affect, you must log off and log on to the system.
Prevents users from adding Web content to their Active Desktop.This setting removes the "New" button from Web tab in Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop. This setting does not remove existing Web content from their Active Desktop, or prevent users from removing existing Web content.Also, see the "Disable all items" setting.
Prevents users from removing Web content from their Active Desktop.In Active Desktop, you can add items to the desktop but close them so they are not displayed.If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.Note: This setting does not prevent users from deleting items from their Active Desktop.
Prevents users from deleting Web content from their Active Desktop.This setting removes the Delete button from the Web tab in Display in Control Panel. As a result, users can temporarily remove, but not delete, Web content from their Active Desktop.This setting does not prevent users from adding Web content to their Active Desktop.Also, see the "Prohibit closing items" and "Disable all items" settings.
Prevents users from changing the properties of Web content items on their Active Desktop.This setting disables the Properties button on the Web tab in Display in Control Panel. Also, it removes the Properties item from the menu for each item on the Active Desktop. As a result, users cannot change the properties of an item, such as its synchronization schedule, password, or display characteristics.
Removes Active Desktop content and prevents users from adding Active Desktop content. This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users cannot add Web pages or pictures from the Internet or an intranet to the desktop.Note: This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wallpaper.
Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If users select files with other image formats, such as JPEG, GIF, PNG, or HTML, through the Browse button on the Desktop tab, the wallpaper does not load. Files that are autoconverted to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper".Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrative Templates\Control Panel\Display) settings.
Specifies the desktop background ("wallpaper") displayed on all users' desktops.This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap (*.bmp) or JPEG (*.jpg) file.To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper"
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting, the filter bar appears when the Active Directory Find dialog box opens, but users can hide it.If you disable this setting or do not configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu.To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter.
Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting, the Active Directory folder does not appear in the Network Locations folder.If you disable this setting or do not configure it, the Active Directory folder appears in the Network Locations folder.This setting is designed to let users search Active Directory but not tempt them to casually browse Active Directory.
Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory, such as those in Local Users and Groups, Active Directory Users and Computers, and dialog boxes used to set permissions for user or group objects in Active Directory.If you enable this setting, you can use the "Number of objects returned" box to limit returns from an Active Directory search.If you disable this setting or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space.This setting is designed to protect the network and the domain controller from the effect of expansive searches.
Prevents users from changing the path to their profile folders.By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.If you enable this setting, users are unable to type a new location in the Target box.
Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.Removing icons and shortcuts does not prevent the user from using another method to start the programs or opening the items they represent.Also, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.
Prevents users from using the Desktop Cleanup Wizard.If you enable this setting, the Desktop Cleanup wizard does not automatically run on a users workstation every 60 days. The user will also not be able to access the Desktop Cleanup Wizard.If you disable this setting or do not configure it, the default behavior of the Desktop Clean Wizard running every 60 days occurs.Note: When this setting is not enabled, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and then clicking the Customize Desktop button.
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.
This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the "Up" button while this setting is enabled, they view an empty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.If you enable this setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the user manages to navigate to Computer, the folder will be empty.If you disable this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless restricted by another setting.If you do not configure this setting, the default is to display Computer as usual.Note: In operating systems earlier than Microsof
Removes most occurrences of the My Documents icon.This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder.This setting does not remove the My Documents icon from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting.Note: To make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.
Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Network Places icon.
This setting hides Properties on the context menu for Computer.If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected.If you disable or do not configure this setting, the Properties option is displayed as usual.
This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon.If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:Right-clicks the My Documents icon.Clicks the My Documents icon, and then opens the File menu.Clicks the My Documents icon, and then presses ALT+ENTER.If you disable or do not configure this policy setting, the Properties menu command is displayed.
Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations.If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.
Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box.This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.Note: To make changes to this setting effective, you must log off and then log back on.
Removes the Properties option from the Recycle Bin context menu.If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected.If you disable or do not configure this setting, the Properties option is displayed as usual.
Prevents users from saving certain changes to the desktop.If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.
Prevents users from manipulating desktop toolbars.If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.Note: If users have added or removed toolbars, this setting prevents them from restoring the default configuration.Tip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start button), and point to "Toolbars."Also, see the "Prohibit adjusting desktop toolbars" setting.
Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.This setting does not prevent users from adding or removing toolbars on the desktop.Note: If users have adjusted their toolbars, this setting prevents them from restoring the default configuration.Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting.
Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse.If you disable or do not configure this policy, this window minimizing and restoring gesture will apply.
Device compatibility settings.
Driver compatibility settings.
This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting, a signed driver is still preferred over a driver that is not signed at all.If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was created. If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates.
This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.If you disable or do not configure this policy setting, Windows waits 300 seconds for a device installation task to complete before terminating the installation.
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity. If you enable this policy setting, Windows does not create a system restore point when one would normally be created.If you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug and Play interface are not allowed.
This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy settings.If you enable this policy setting, members of the Administrators group can use the Add Hardware wizard or the Update Driver wizard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy settings that restrict device installation.
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.If you enable this policy setting, Windows is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop s
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when the "Prevent installation of devices not described by other policy settings" policy setting is enabled. Other policy settings that prevent device installation take precedence over this one.If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remot
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device.If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting, Windows is prevented from installing or updating the device driver for any device that is not described by either the "Allow installation of devices that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting.If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.
This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies.If you enable this policy setting, set the amount of seconds you want the system to wait until a reboot.If you disable or do not configure this policy setting, the system does not force a reboot.Note: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted.
This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of a notification when a policy setting prevents device installation.If you disable or do not configure this policy setting, Windows displays a default title in a notification when a policy setting prevents device installation.
This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting, Windows displays the text you type in the Detail Text box when a policy setting prevents device installation.If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device installation.
This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system.If you enable this policy setting, members of the Users group may install new drivers for the specified device setup classes. The drivers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store.If you disable or do not configure this policy setting, only members of the Administrators group are allowed to install new device drivers on the system.
Determines how the system responds when a user tries to install device driver files that are not digitally signed.This setting establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established.When you enable this setting, use the drop-down box to specify the desired response.-- "Ignore" directs the system to proceed with the installation even if it includes unsigned files.-- "Warn" notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. "Warn" is the default.-- "Block" directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed.To change driver file security without specify
This policy setting prevents redirection of USB devices.If you enable this setting, an alternate driver for USB devices cannot be loaded.If you disable or do not configure this setting, an alternate driver for USB devices can be loaded.
This policy setting prevents redirection of specific USB devices.If you enable this setting, an alternate driver for the USB device cannot be loaded.If you disable or do not configure this setting, an alternate driver for the USB device can be loaded.
This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting, "Found New Hardware" balloons do not appear while a device is being installed.If you disable or do not configure this policy setting, "Found New Hardware" balloons appear while a device is being installed, unless the driver for the device suppresses the balloons.
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting, an error report is not sent when a generic driver is installed.If you disable or do not configure this policy setting, an error report is sent when a generic driver is installed.
Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting, Windows will not send an error report to request additional software even if this is specified by the device driver.If you disable or do not configure this policy setting, Windows sends an error report when a device driver that requests additional software is installed.
This setting configures the location that Windows searches for drivers when a new piece of hardware is found.By default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update.Using this setting, you may remove the floppy and CD-ROM drives from the search algorithm.If you enable this setting, you can remove the locations by selecting the associated check box beside the location name.If you disable or do not configure this setting, Windows searches the installation location, floppy drives, and CD-ROM drives.Note: To prevent searching Windows Update for drivers also see "Turn off Windows Update device driver searching" in Administrative Templates/System/Internet Communication Management/Internet Communication settings.
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.Note: This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured.If you enable this setting, administrators will not be prompted to search Windows Update.If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers.
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.Note: This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Management/Internet Communication settings" is disabled or not configured.If you enable this setting, administrators will not be prompted to search Windows Update.If you disable or do not configure this setting, and "Turn off Windows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers.
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.Note that searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available.If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver is not locally available on the system.If you disable or do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting, you can select whether Windows searches Windows Update (WU), searches a Managed Server, or a combination of both.Note that if both are specified, then Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Windows then also search Windows Update.If you disable or do not configure this policy setting, members of the Administrators group can determine the server used in the search for device drivers.
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box (Control Panel > System and Security > System > Advanced System Settings > Hardware tab).If you disable or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device metadata from the Internet.
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default, a DFS client attempts to discover domain controllers every 15 minutes.If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.If you disable or do not configure this policy setting, the default value of 15 minutes applies.Note: The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting, Digital Locker will not run.If you disable or do not configure this setting, Digital Locker can be run.
Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting, Digital Locker will not run.If you disable or do not configure this setting, Digital Locker can be run.
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. Note: For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desk
This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss. If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken. If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. This policy setting takes effe
This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume.If you disable this policy setting, the system uses the NV cache to achieve faster boot and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time taken for shutdown and hibernate.If you do not configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.Note: This policy setting is applicable only if the NV cache feature is on.
This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting, the hard disks are not put into NV cache power save mode and no power savings are achieved.If you disable this policy setting, the hard disks are put into an NV cache power saving mode. In this mode, the system tries to save power by aggressively spinning down the disk.If you do not configure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode.Note: This policy setting is applicable only if the NV cache feature is on.
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.If you enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode.If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.Note: This policy setting will take effect on next boot.If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.
This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power. Note that this can cause increased wear of the NV cache.If you do not configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.Note: This policy setting is applicable only if the NV cache feature is on.
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.If you enable this policy setting, disk quota management is turned on, and users cannot turn it off.If you disable the policy setting, disk quota management is turned off, and users cannot turn it on.If this policy setting is not configured, disk quota management is turned off by default, but administrators can turn it on.To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.Note: This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.Note: To turn on or turn off disk quota management without specifying a setting, in My Comput
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting, disk quota limits are enforced. If you disable this policy setting, disk quota limits are not enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the setting is in effect.If you do not configure this policy setting, the disk quota limit is not enforced by default, but administrators can change the setting.Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to write to the volume as long as physical space is available.Note: This policy setting overrides user settings that enable or disable quota enforcement on th
This policy setting specifies the default disk quota limit and warning level for new users of the volume.This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.This setting overrides new users settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).If you disable or do not configure this policy setting, the disk space available to users is not limited. The disk quota ma
This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.If you enable this policy setting, the system records an event when the user reaches their limit. If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting while a setting is in effect.If you do not configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit.Also, this policy setting does not affect the Quota Entries window on the Quota tab.
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting, the system records an event. If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators cannot change logging while a policy setting is in effect.If you do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting.This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries window changes.Note: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click t
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only. Note: When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain.
Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP.To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.Important: In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows.If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and
Specifies if DNS client computers will register PTR resource records.By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.If you enable this policy setting, registration of PTR records will be determined by the option that you choose under Register PTR records.To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:Do not register: Computers will not attempt to register PTR resource records.Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records was not successful.Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.If you disable this policy setting, or if you do not configure this policy setting, computers will use locally configured sett
Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.If you enable this policy setting or if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource records during dynamic update.If you disable this
Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.Warning: If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds t
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 3600 seconds (1 hour).
Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com."To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes.If you enable this policy setting, one DNS suffix is attached at a time f
Specifies the security level for dynamic DNS updates.To use this policy setting, click Enabled and then select one of the following values:Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.Only unsecure - computers send only nonsecure dynamic updates.Only secure - computers send only secure dynamic updates.If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone.If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.Devolution is not enabled if a global suffix search list is configured using Group Policy.If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixe
Specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.Devolution is not enabled if a global suffix search list is configured using Group Policy.If a global suffix search list is not configured, and the Append prim
Specifies that link local multicast name resolution (LLMNR) is disabled on client computers.LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.If you disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot.For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list.If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a query for "server.corp" the DNS client wil
Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. Note: This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names such as "www.example.com" in addition to single-label names. If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as "example" and not for multi-label and fully qualified domain names.
Specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher in the binding order.Note: This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.If this policy setting is enabled, IDNs are not converted to Punycode.If this policy setting is disabled, or if this policy setting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
Specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.If this policy setting is enabled, IDNs are converted to the Nameprep form.If this policy setting is disabled, or if this policy setting is not configured, IDNs are not converted to the Nameprep form.
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this policy setting, window animations are turned off. If you disable or do not configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied.
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this policy setting, window animations are turned off. If you disable or do not configure this policy setting, window animations are turned on. Changing this policy setting requires a logoff for it to be applied.
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. If you enable this policy setting, Flip 3D is inaccessible. If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting requires a logoff for it to be applied.
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the Windows desktop as they are being flipped through in three dimensions. If you enable this policy setting, Flip 3D is inaccessible. If you disable or do not configure this policy setting, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting requires a logoff for it to be applied.
This policy setting controls the Start background visuals.If you enable this policy setting, the Start background will use a solid color.If you disable or do not configure this policy setting, the Start background will use the default visuals.Note: If this policy setting is enabled, users can continue to select a color in Start Personalization. However, setting the accent will have no effect.
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color. If you disable or do not configure this policy setting, the default internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. If you disable or do not configure this policy setting, you allow users to change the default window frame color. Note: This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. If you disable or do not configure this policy setting, you allow users to change the default window frame color. Note: This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
This policy setting allows you to turn on logging of misconversion for the misconversion report.If you enable this policy setting, misconversion logging is turned on.If you disable or do not configure this policy setting, misconversion logging is turned off. This policy setting applies to Japanese Microsoft IME and Simplified Chinese Microsoft Pinyin.
This policy setting allows you to turn off saving the auto-tuning result to file.If you enable this policy setting, the auto-tuning data is not saved to file. If you disable or do not configure this policy setting, auto-tuning data is saved to file by default.This policy setting applies to Japanese Microsoft IME only.
This policy setting allows you to turn off history-based predictive input.If you enable this policy setting, history-based predictive input is turned off. If you disable or do not configure this policy setting, history-based predictive input is on by default.This policy setting applies to Japanese Microsoft IME only.Note: Changes to this setting will not take effect until the user logs off.
This policy setting allows you to turn off Open Extended Dictionary.If you enable this policy setting, Open Extended Dictionary is turned off. You cannot add a new Open Extended Dictionary.For Japanese Microsoft IME, an Open Extended Dictionary that is added before enabling this policy setting is not used for conversion.For Simplified Chinese Microsoft Pinyin, an Open Extended Dictionary that is added before enabling this policy setting is still used for conversion.If you disable or do not configure this policy setting, Open Extended Dictionary can be added and used by default.This policy setting is applied to Japanese Microsoft IME and Simplified Chinese Microsoft Pinyin.
This policy setting allows you to turn off Internet search integration.If you enable this policy setting, you cannot add a new search integration configuration file. A search integration configuration file that was installed before enabling this policy setting is not used.If you disable or do not configure this policy setting, the search integration function can be used by default.This policy setting applies to Japanese Microsoft IME, Simplified Chinese Microsoft Pinyin, and Traditional Chinese New Phonetic.
This policy setting allows you to turn off the ability to use a custom dictionary.If you enable this policy setting, you cannot add, edit, and delete words in the custom dictionary either with GUI tools or APIs. A word registered in the custom dictionary before enabling this policy setting is not used for conversion.If you disable or do not configure this policy setting, the custom dictionary can be used by default.For Japanese Microsoft IME, [Clear auto-tuning information] works, even if this policy setting is enabled, and it clears self-tuned words from the custom dictionary.This policy setting is applied to Japanese Microsoft IME and Simplified Chinese Microsoft Pinyin.
This policy setting allows you to restrict character code range of conversion by setting character filter.If you enable this policy setting, then only the character code ranges specified by this policy setting are used for conversion of IME. You can specify multiple ranges by setting a value combined with a bitwise OR of following values:0x0001 // JIS208 area0x0002 // NEC special char code0x0004 // NEC selected IBM extended code0x0008 // IBM extended code0x0010 // Half width katakana code0x0100 // EUDC(GAIJI)0x0200 // S-JIS unmapped area0x0400 // Unicode char0x0800 // surrogate char0x1000 // IVS char0xFFFF // no definition.If you disable or do not configure this policy setting, no range of characters are filtered by default.This policy setting applies to Japanese Microsoft IME only.Note: Changes to this setting will not take effect until the user logs off.
This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyph for the word exists.If you enable this policy setting, Non-Publishing Standard Glyph is not included in the candidate list when Publishing Standard Glyph for the word exists.If you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the candidate list.This policy setting applies to Japanese Microsoft IME only.Note: Changes to this setting will not take effect until the user logs off.
This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:- Good: The driver has been signed and has not been tampered with.- Bad: The driver has been identified as malware. It is recommended that you do not allow known bad drivers to be initialized.- Bad, but required for boot: The driver has been identified as malware, but the computer cannot successfully boot without loading this driver.- Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antimalware boot-start driver.If you enable this policy setting you will be able to choose which boot-start drivers to initialize the next time the computer is started.If you disable or do not configure this policy setting, the boot start drivers determined to be G
If you enable this setting, users will not be allowed to switch between recent apps. The App Switching option in the PC settings app will be disabled as well.If you disable or do not configure this policy setting, users will be allowed to switch between recent apps.
This policy setting prevents Windows from keeping track of the apps that are used and searched most frequently. If you enable this policy setting, apps will be sorted alphabetically in: - search results - the Search and Share panes - the drop-down app list in the Picker If you disable or don't configure this policy setting, Windows will keep track of the apps that are used and searched most frequently. Most frequently used apps will appear at the top.
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting, only USB root hub connected Enhanced Storage devices are allowed.If you disable or do not configure this policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.
This policy setting configures whether or not users can provision certificates on Enhanced Storage certificate silo devices.If you enable this policy setting, users can provision certificates on Enhanced Storage certificate silo devices.If you disable or do not configure this policy setting, users cannot provision certificates on Enhanced Storage certificate silo devices.
This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting, the Enhanced Storage device remains locked when the computer is locked.If you disable or do not configure this policy setting, the Enhanced Storage device state is not changed when the computer is locked.
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting, non-Enhanced Storage removable devices are not allowed on your computer.If you disable or do not configure this policy setting, non-Enhanced Storage removable devices are allowed on your computer.
This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting, a password cannot be used to unlock an Enhanced Storage device.If you disable or do not configure this policy setting, a password can be used to unlock an Enhanced Storage device.
This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on your computer.If you enable this policy setting, only IEEE 1667 silos that match a silo type identifier specified in this policy are usable on your computer.If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable on your computer.
This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer.This policy setting only applies to Enhanced Storage devices that support a Certificate Authentication Silo.If you enable this policy setting, only Enhanced Storage devices that contain a manufacturer and product ID specified in this policy are usable on your computer.If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer.
This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reporting is enabled.This policy setting does not enable or disable Windows Error Reporting. To turn Windows Error Reporting on or off, see the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings.Important: If the Turn off Windows Error Reporting policy setting is not configured, then Control Panel settings for Windows Error Reporting override this policy setting.If you enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the following settings in the policy setting:- ""Do not display links
This policy setting controls whether users are shown an error dialog box that lets them report an error.If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.See also the Configure Error Reporting policy setting.
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in the Action Center in Control Panel.If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in the Action Center in Control Panel.If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting, Windows Error Reporting events are not recorded in the system event log.If you disable or do not configure this policy setting, Windows Error Reporting events and errors are logged to the system event log, as with other Windows-based programs.
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CAB file containing data about the same event types has already been uploaded to the server.If you enable this policy setting, WER does not throttle data; that is, WER uploads additional CAB files that can contain data about the same event types as an earlier uploaded report.If you disable or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a report that contains data about the same event types.
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By default, when a computer is running on battery power, WER only checks for solutions, but does not upload additional report data until the computer is connected to a more permanent power source.If you enable this policy setting, WER does not determine whether the computer is running on battery power, but checks for solutions and uploads report data normally.If you disable or do not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data until the computer is connected to a more permanent power source.
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amount of data that is sent over the network.If you enable this policy setting, WER does not check for network cost policy restrictions, and transmits data even if network cost is restricted.If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the network profile is changed.
This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is enabled.If you enable this policy setting, you can instruct Windows Error Reporting in the Default pull-down menu to report either all application errors (the default setting), or no application errors.If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. The Windows applications category is a subset of Microsoft applications.If you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setting in Control Panel is Upload all applications.This policy setting is ignored if the Configure Error Reporting policy setting is disabled
This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy setting, and in the
This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all application errors.If you enable this policy setting, you can create a list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated by applications on this
This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting, Windows Error Reporting includes operating system errors.If you disable this policy setting, operating system errors are not included in error reports.If you do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Control Panel are set to upload operating system errors.See also the Configure Error Reporting policy setting.
This policy setting controls the behavior of the Windows Error Reporting archive.If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
This policy setting controls the behavior of the Windows Error Reporting archive.If you enable this policy setting, you can configure Windows Error Reporting archiving behavior. If Archive behavior is set to Store all, all data collected for each error report is stored in the appropriate location. If Archive behavior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatically deleted.If you disable or do not configure this policy setting, no Windows Error Reporting information is stored.
This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send error reports to Microsoft).If you enable this policy setting, you can specify the name or IP address of an error report destination server on your organizations network. You can also select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destination server for transmission.If you disable or do not configure this policy setting, Windows Error Reporting sends error reports to Microsoft.
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting, you can create a list of applications that are never included in error reports. To create a list of applications for which Windows Error Reporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the Exclude errors for applications on this list setting takes precedence.If you disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
This policy setting determines the behavior of the Windows Error Reporting report queue.If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel.The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check reminders determines the interval time between the display of system notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder.If yo
This policy setting determines the behavior of the Windows Error Reporting report queue.If you enable this policy setting, you can configure report queue behavior by using the controls in the policy setting. When the Queuing behavior pull-down list is set to Default, Windows determines, when a problem occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page in Control Panel.The Maximum number of reports to queue setting determines how many reports can be queued before older reports are automatically deleted. The sett
This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data
This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting, the default consent levels of Windows Error Reporting always override any other consent policy setting.If you disable or do not configure this policy setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent setting determines only the consent level of any other error reports.
This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:- Always ask before sending data: Windows prompts users for consent to send reports.- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.- Send all data: any error reporting data requested by Microsof
This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:- Always ask before sending data: Windows prompts users for consent to send reports.- Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send any additional data that is requested by Microsoft.- Send parameters and safe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft.- Send all data: any error reporting data requested by Microsof
This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.Use the following syntax when using the HTTPS protocol:Server=https://<FQDN of the collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client authentication certificate>. When using the HTTP protocol, use port 5985.If you disable or do not configure this policy setting, the Event Collector computer will not be specified.
This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.If you disable or do not configure this policy setting, forwarder resource usage is not specified.This setting applies across all subscriptions for the forwarder (source computer).
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled, the Event Log file is automatically closed and renamed when it is full. A new file is then started.If you disable this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and old events are retained.If you do not configure this policy setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting, only those users matching the security descriptor can access the log.If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.
This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting, the Event Log uses the path specified in this policy setting.If you disable or do not configure this policy setting, the Event Log uses the system32 or system64 subdirectory.
This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log.If you disable or do not configure this policy setting, only system software and administrators can read or clear this log.
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting, only those users matching the security descriptor can access the log.If you disable or do not configure this policy setting, all authenticated users and system services can write, read, or clear this log.
This policy setting turns on logging.If you enable or do not configure this policy setting, then events can be written to this log.If the policy setting is disabled, then no new events can be logged. Events can always be read from the log, regardless of this policy setting.
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting, only users whose security descriptor matches the configured value can access the log.If you disable or do not configure this policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it.
This is the program that will be invoked when the user clicks the events.asp link.
This specifies the command line parameters that will be passed to the events.asp program
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.
This policy setting configures File Explorer to always display the menu bar.Note: By default, the menu bar is not displayed in File Explorer.If you enable this policy setting, the menu bar will be displayed in File Explorer.If you disable or do not configure this policy setting, the menu bar will not be displayed in File Explorer.Note: When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.Note: Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.
Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Control Panel item.If you disable this setting, booting to Windows To Go when a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration.If you do not configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
Specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can't hibernate the PC.
Specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.
This policy setting allows you to turn off File History.If you enable this policy setting, File History cannot be activated to create regular, automatic backups.If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.
This policy setting allows you to configure the recovery behavior for corrupted files to one of three states:Regular: Detection, troubleshooting, and recovery of corrupted files will automatically start with a minimal UI display. Windows will attempt to present you with a dialog box when a system restart is required. This is the default recovery behavior for corrupted files.Silent: Detection, troubleshooting, and recovery of corrupted files will automatically start with no UI. Windows will log an administrator event when a system restart is required. This behavior is recommended for headless operation.Troubleshooting Only: Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery is not attempted automatically. Windows will log an administrator event with instructions if manual recovery is possible.If you enable this setting, the recovery behavior for corrupted files will be set to either the regular (default), silent, or troubleshooting only state.If you disable this set
This policy setting configures the maximum age of a file share shadow copy. File share shadow copies that are older than this age will be deleted by the File Share Shadow Copy Agent. Both the exposed shadow copy share and the corresponding volume shadow copy will be deleted.If you enable this policy setting, the value specified determines the maximum age of a file share shadow copy.If you disable or do not configure this policy setting, file share shadow copies older than 24 hours will be deleted.
Determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled.VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. Note: To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service .
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:Local Link to a Local TargetLocal Link to a Remote TargetRemote Link to Remote TargetRemote Link to Local TargetFor further information please refer to the Windows Help sectionNOTE: If this policy is Disabled or Not Configured, local administrators may select the types of symbolic links to be evaluated.
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0, the default, will enable delete notifications for all volumes. A value of 1 will disable delete notifications for all volumes.
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use the APIs.
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder.Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.If you enable this policy setting, users must manually select the files they wish to make available offline. If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline. Note: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. Note: Do not enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.Note: If one or more valid folder GUIDs are specified in the policy setting "D
This policy setting allows you to control whether individual redirected shell folders are available offline by default.For the folders affected by this setting, users must manually select the files they wish to make available offline.If you disable or do not configure this policy setting, all redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.Note: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.Note: The configuration of this policy for any folder will override the configured value of "Do not automatically make all redirected folders available offline".
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.If you disable or not configure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder.Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.If you disable or do not configure this policy setting, when the path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies the contents of the local cache to the new net
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.Note: If you enable this policy setting
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures folders, the folders are redirected on the user's primary computer only.If you disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the user logs on to.Note: If you enable this policy setting
This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user.If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. Note: This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time.If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting.
Hides the Preview Pane in File Explorer.If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user.If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.No system restart or service restart is required for this policy setting to take effect: changes take effect
Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not configure this setting, game information will be downloaded from Windows Metadata Services.
Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting, the last played time will be displayed to the user.
Manages download of game update information from Windows Metadata Services.If you enable this setting, game update information will not be downloaded. If you disable or do not configure this setting, game update information will be downloaded from Windows Metadata Services.
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.If you disable or do not configure this policy setting, the user can select a custom locale as their user locale.If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales, adjust the permissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users.The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not configured.If you enable this policy setting, the user cannot select a custom locale as their user locale, but they can still select a replacement locale if one is installed.If you disable or do not configure this policy setting, the user can select a custom locale as their user locale.If this policy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine level, the per
This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy setting does not change the existing system locale; however, the next time that an administrator attempts to change the computer's system locale, they will be restricted to the specified list.The locale list is specified using language names, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States) and English (Canada).If you enable this policy setting, administrators can select a system locale only from the specified system locale list.If you disable or do not configure this policy setting, administrators can select any system locale shipped with the operating system.
This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt. If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page. If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada).If you enable this policy setting, only locales in the specified locale list can be selected by users.If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.If this policy setting is enabled at t
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to their current values. This policy setting does not change existing user locale settings; however, the next time a user attempts to change their user locale, their choices will be restricted to locales in this list.To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setting.The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (Canada).If you enable this policy setting, only locales in the specified locale list can be selected by users.If you disable or do not configure this policy setting, users can select any locale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting.If this policy setting is enabled at t
This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting, users cannot change their GeoID.If you disable or do not configure this policy setting, users may select any GeoID.If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting, users cannot change their GeoID.If you disable or do not configure this policy setting, users may select any GeoID.If you enable this policy setting at the computer level, it cannot be disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings.To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides.If this policy setting is disabled or not configured, then the user can customize their user locale overrides.If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.To set this policy on a per-user basis, make su
This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, first reset the user(s) values to the defaults and then apply this policy.When this policy setting is enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides.If this policy setting is disabled or not configured, then the user can customize their user locale overrides.If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies.To set this policy on a per-user basis, make su
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not, however, prevent an administrator or another application from changing these values programmatically.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting, the user cannot see the Administrative options.If you disable or do not configure this policy setting, the user can see the Administrative options.Note: Even if a user can see the Administrative options, other policies may prevent them from modifying the values.
This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting, the user does not see the option to change the GeoID. This does not prevent the user or an application from changing the GeoID programmatically.If you disable or do not configure this policy setting, the user sees the option for changing the user location (GeoID).Note: Even if a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their current geographical location.
This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting, the user does not see the option for changing the UI language. This does not prevent the user or an application from changing the UI language programmatically.If you disable or do not configure this policy setting, the user sees the option for changing the UI language.Note: Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their UI language.
This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting, the user does not see the regional formats options. This does not prevent the user or an application from changing their user locale or user overrides programmatically.If you disable or do not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language will follow the language specified by the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system UI languages.If you disable or do not configure this policy setting, the user can specify which UI language is used.
This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the user.If you disable or do not configure this policy setting, there is no restriction on which language users should use.To enable this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs language" policy setting.
This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs.
This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer, the language selection defaults to English.If you enable this policy setting, the dialog box controls in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a language different than the one used.To enable this policy setting in Windows Vista, use the "Restricts the UI languages Windows should use for the selected user" policy setting.If you disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options control panel to select any available UI language.
This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from changing the setting programmatically. The offer text predictions as I type option controls whether or not text prediction suggestions will be presented to the user on the on-screen keyboard. If the policy is Enabled, then the option will be locked to not offer text predictions. If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is dependent on supported languages being enabled.
This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an application from changing the setting programmatically. The insert a space after selecting a text prediction option controls whether or not a space will be inserted after the user selects a text prediction candidate when using the on-screen keyboard. If the policy is Enabled, then the option will be locked to not insert a space after selecting a text prediction. If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is dependent on supported languages being enabled.
This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically. The autocorrect misspelled words option controls whether or not errors in typed text will be automatically corrected. If the policy is Enabled, then the option will be locked to not autocorrect misspelled words. If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is dependent on supported languages being enabled.
This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from changing the setting programmatically. The highlight misspelled words option controls whether or next spelling errors in typed text will be highlighted. If the policy is Enabled, then the option will be locked to not highlight misspelled words. If the policy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability and function of this setting is dependent on supported languages being enabled.
This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not used by any users on that machine. If you enable this policy setting, language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system. If you disable or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly, consult the documentation or manufacturer of the program.If you enable this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value are interpreted as being preceded by 19.For example, the default value, 2029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930 to 1999.If you disable or do not configure this policy setting, Windows does not interpret two-digit year formats using this scheme for the progr
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.If you enable this policy setting, automatic learning
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning enables the collection and storage of text and ink written by the user in order to help adapt handwriting recognition to the vocabulary and handwriting style of the user. Text that is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information.If you enable this policy setting, automatic learning
This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default, Window Server processes user Group Policy settings synchronously.If you enable this policy setting, Windows applies user Group Policy settings asynchronously, when logging on through Remote Desktop Services.If you disable or do not configure this policy setting, Windows Server applies user Group Policy settings synchronously.Note: This policy setting applies only to computers running Remote Desktop Services.
Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used for Active Directory.
This policy setting prevents the Group Policy Client Service from stopping when idle.
This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection for the purposes of applying and updating Group Policy. When Group Policy detects the bandwidth speed of a Direct Access connection, the detection can sometimes fail to provide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option to override the default to slow network connection and instead default to using a fast network connection in the case that no network bandwidth speed is determined. Note: When Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing across a slow link (slow network connection). If you enab
This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) when a slow network connection is detected. If you enable this policy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner.Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the background after the network becomes available. Note that because this is a background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirectionand Drive Maps preference extension will not be applied. Note: There are two conditions that will cause Group Policy to be processed synchronously even if this policy setti
This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied.If you enable this policy setting, the system does not process and apply any Local GPOs.If you disable or do not configure this policy setting, Local GPOs continue to be applied.Note: For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup.
This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until the network is available or the default wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.If you enable this policy setting, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time.If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds on computers running Windows Vista operating system.
This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests.This policy setting affects all user accounts that interactively log on to a computer in a different forest when a trust across forests or a two-way forest trust exists.If you do not configure this policy setting:- No user-based policy settings are applied from the user's forest.- Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message appears to the user, and an event log message (1529) is posted.- Loopback Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer.- An event log message (1109) is posted, stating that loopback was invoked in Replace mode.If you enable this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed from the trusted forest.If you disable
This policy setting determines when software installation policies are updated.This policy setting affects all policy settings that use the software installation component of Group Policy, such as policy settings in Software Settings\Software Installation. You can set software installation policy only for Group Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer.This policy setting overrides customized settings that the program implementing the software installation policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Process even if the Group Policy objects ha
This policy setting determines when disk quota policies are updated.This policy setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\Disk Quotas.This policy setting overrides customized settings that the program implementing the disk quota policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will
This policy setting determines when encryption policies are updated.This policy setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings.It overrides customized settings that the program implementing the encryption policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until th
This policy setting determines when folder redirection policies are updated.This policy setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can only set folder redirection policy for Group Policy objects, stored in Active Directory, not for Group Policy objects on the local computer.This policy setting overrides customized settings that the program implementing the folder redirection policy setting set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Process even if the Group Policy objects have not changed" option up
This policy setting determines when Internet Explorer Maintenance policies are updated.This policy setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Settings\Internet Explorer Maintenance.This policy setting overrides customized settings that the program implementing the Internet Explorer Maintenance policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updat
This policy setting determines when IP security policies are updated.This policy setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Local Machine.This policy setting overrides customized settings that the program implementing the IP security policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates
This policy setting determines when registry policies are updated.This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to
This policy setting determines when policies that assign shared scripts are updated.This policy setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings that the program implementing the scripts policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this setting, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system rest
This policy setting determines when security policies are updated.This policy setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings.This policy setting overrides customized settings that the program implementing the security policy set when it was installed.If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they be updated only when changed. Howe
This policy setting determines when policies that assign wireless network settings are updated.This policy setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\Wireless Network Policies.It overrides customized settings that the program implementing the wireless network set when it was installed.If you enable this policy, you can use the check boxes provided to change the options.If you disable this setting or do not configure it, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until t
This policy setting determines when policies that assign wired network settings are updated.This policy setting affects all policies that use the wired network component of Group Policy, such as those in Windows Settings\Wired Network Policies.It overrides customized settings that the program implementing the wired network set when it was installed.If you enable this policy, you can use the check boxes provided to change the options.If you disable this setting or do not configure it, it has no effect on the system.The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays.The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next use
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.If you enable this policy setting, interactive users cannot generate RSoP data.If you disable or do not configure this policy setting, interactive users can generate RSoP.Note: This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.Note: To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.mscNote: This policy setting exists as both a User Configuration and Computer Configuration setting.Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default, interactively logged on users can view their own Resultant Set of Policy (RSoP) data.If you enable this policy setting, interactive users cannot generate RSoP data.If you disable or do not configure this policy setting, interactive users can generate RSoP.Note: This policy setting does not affect administrators. If you enable or disable this policy setting, by default administrators can view RSoP data.Note: To view RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the command line by typing RSOP.mscNote: This policy setting exists as both a User Configuration and Computer Configuration setting.Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy Object Editor. Administrators might want to use this if they are concerned about the amount of space used on the system volume of a DC.By default, when you start the Group Policy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO.Changing the status of this setting to Enabled will keep any source files from copying to the GPO.Changing the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timestamp.NOTE: If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled.
This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers, users, and domain controllers.If you enable this policy setting, the system waits until the current user logs off the system before updating the computer and user settings.If you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh interval for users" policy settings.Note: If you make changes to this policy setting, you must restart your computer for it to take effect.
This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting, users are not able to invoke a refresh of computer policy. Computer policy will still be applied at startup or when an official policy refresh occurs.If you disable or do not configure this policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a specified refresh interval or when manually invoked by the user.Note: This policy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this policy setting is configured.Also, see the "Set Group Policy refresh interval for computers" policy setting to change the policy refresh interval.Note: If you make changes to this policy setting, you must restart your computer for it to take effect.
This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings, which are fully supported by Group Policy, must use registry entries in the Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear.If you disable or do not configure this policy setting, the "Show Policies Only" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command.Note: To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates folder (either one), right-click the same folde
This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting, you can which domain controller is used according to these options:"Use the Primary Domain Controller" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller designated as the PDC Operations Master for the domain."Inherit from Active Directory Snap-ins" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use."Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any available domain controller.If you disable this setting or do not configure it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain.Note: To change the PDC Operations Master for a domain, in Active Di
This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.This setting appears in the Comp
This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting, the system considers the connection to be slow.The system's response to a slow policy connection varies among policies. The program implementing the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs' specified responses to slow links.If you enable this setting, you can, in the "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fast.If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per second.This setting appears in the Comp
This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configuration folder.In addition to background updates, Group Policy for the computer is always updated when the system starts.By default, computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.If you disable this setting, Group Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, select the "Turn off background refresh of Group Poli
This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when the system starts.By default, Group Policy on the domain controllers is updated every five minutes.If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.If you disable or do not configure this setting, the domain controller updates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Policy" setting.This setting also lets you specify how much the actual update interval varies. To
This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This setting specifies a background update rate only for the Group Policies in the User Configuration folder.In addition to background updates, Group Policy for users is always updated when users log on.By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes.If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installations.If you disable this setting, user Group Policy is updated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select the "Turn off background refresh of Group Poli
This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.
This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting, you can create all new Group Policy object links in the disabled state by default. After you configure and test the new object links by using a policy compliant Group Policy management tool such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system.If you disable this setting or do not configure it, new Group Policy object links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the object link.
This policy setting lets you always use local ADM files for the Group Policy snap-in.By default, when you edit a Group Policy Object (GPO) using the Group Policy Object Editor snap-in, the ADM files are loaded from that GPO into the Group Policy Object Editor snap-in. This allows you to use the same version of the ADM files that were used to create the GPO while editing this GPO.This leads to the following behavior:- If you originally created the GPO with, for example, an English system, the GPO contains English ADM files.- If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO.You can change this behavior by using this setting.If you enable this setting, the Group Policy Object Editor snap-in always uses local ADM files in your %windir%\inf directory when editing GPOs.This leads to the following behavior:- If you had originally created the GPO with an English system, and then you edit the GPO with a Japanese system, the Group Policy Object Editor
This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied, where they came from, and the client-side extension settings that were included.If you enable this setting, RSoP logging is turned off.If you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on.Note: To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Console (MMC).
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.By default, the user's Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which set of Group Policy Objects applies.If you enable this setting, you can select one of the following modes from the Mode box:"Replace" indicates that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user."Merge" indicates that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the
This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked until workplace connectivity is available or the wait time is reached. If the startup policy processing is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting overrides any system-computed wait times.If you enable this policy setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or system-computed wait time.If you disable or do not configure this policy setting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7 configured for workplace connectivity.
This policy setting allows you to configure when preference items in the Applications preference extension are updated.If you enable this policy setting, you can configure processing options for Application preference items.If you disable or do not configure this policy setting, Application preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item change
This policy setting allows you to configure the level of detail recorded by event logging for the Applications preference extension, and to turn on tracing for the Applications extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Applications extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This
This policy setting allows you to configure when preference items in the Data Sources preference extension are updated.If you enable this policy setting, you can configure processing options for Data Sources preference items.If you disable or do not configure this policy setting, Data Sources preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item chan
This policy setting allows you to configure the level of detail recorded by event logging for the Data Sources preference extension, and to turn on tracing for the Data Sources extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Data Sources extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This
This policy setting allows you to configure when preference items in the Devices preference extension are updated.If you enable this policy setting, you can configure processing options for Device preference items.If you disable or do not configure this policy setting, Device preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not take e
This policy setting allows you to configure the level of detail recorded by event logging for the Devices preference extension, and to turn on tracing for the Devices extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Devices extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference exte
This policy setting allows you to configure when preference items in the Drive Maps preference extension are updated.If you enable this policy setting, you can configure processing options for Drive Maps preference items.If you disable or do not configure this policy setting, Drive Maps preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do
This policy setting allows you to configure the level of detail recorded by event logging for the Drive Maps preference extension, and to turn on tracing for the Drive Maps extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Drive Maps extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This prefer
This policy setting allows you to configure when preference items in the Environment preference extension are updated.If you enable this policy setting, you can configure processing options for Environment Variable preference items.If you disable or do not configure this policy setting, Environment Variable preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, prefe
This policy setting allows you to configure the level of detail recorded by event logging for the Environment preference extension, and to turn on tracing for the Environment extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Environment extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This pre
This policy setting allows you to configure when preference items in the Files preference extension are updated.If you enable this policy setting, you can configure processing options for File preference items.If you disable or do not configure this policy setting, File preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not take effect
This policy setting allows you to configure the level of detail recorded by event logging for the Files preference extension, and to turn on tracing for the Files extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Files extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference extension
This policy setting allows you to configure when preference items in the Folder Options preference extension are updated.If you enable this policy setting, you can configure processing options for Folder Options, Open With, and File Type preference items.If you disable or do not configure this policy setting, Folder Options, Open With, and File Type preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use.
This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference extension, and to turn on tracing for the Folder Options extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Folder Options extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing:
This policy setting allows you to configure when preference items in the Folders preference extension are updated.If you enable this policy setting, you can configure processing options for Folder preference items.If you disable or do not configure this policy setting, Folder preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not take e
This policy setting allows you to configure the level of detail recorded by event logging for the Folders preference extension, and to turn on tracing for the Folders extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Folders extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference exte
This policy setting allows you to configure when preference items in the Ini Files preference extension are updated.If you enable this policy setting, you can configure processing options for Ini Files preference items.If you disable or do not configure this policy setting, Ini Files preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do no
This policy setting allows you to configure the level of detail recorded by event logging for the Ini Files preference extension, and to turn on tracing for the Ini Files extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Ini Files extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preferenc
This policy setting allows you to configure when preference items in the Internet Settings preference extension are updated.If you enable this policy setting, you can configure processing options for Internet preference items.If you disable or do not configure this policy setting, Internet preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes
This policy setting allows you to configure the level of detail recorded by event logging for the Internet preference extension, and to turn on tracing for the Internet extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Internet extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference e
This policy setting allows you to configure when preference items in the Local Users and Groups preference extension are updated.If you enable this policy setting, you can configure processing options for Local User and Local Group preference items.If you disable or do not configure this policy setting, Local User and Local Group preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background upda
This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group preference extension, and to turn on tracing for the Local User and Local Group extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Local User and Local Group extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is create
This policy setting allows you to configure when preference items in the Network Options preference extension are updated.If you enable this policy setting, you can configure processing options for VPN Connection and DUN Connection preference items.If you disable or do not configure this policy setting, VPN Connection and DUN Connection preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgrou
This policy setting allows you to configure the level of detail recorded by event logging for the Network Options preference extension, and to turn on tracing for the Network Options extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Network Options extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration traci
This policy setting allows you to configure when preference items in the Network Shares preference extension are updated.If you enable this policy setting, you can configure processing options for Network Shares preference items.If you disable or do not configure this policy setting, Network Shares preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference ite
This policy setting allows you to configure the level of detail recorded by event logging for the Network Shares preference extension, and to turn on tracing for the Network Shares extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Network Shares extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing:
This policy setting allows you to configure when preference items in the Power Options preference extension are updated.If you enable this policy setting, you can configure processing options for Power Options and Power Scheme preference items.If you disable or do not configure this policy setting, Power Options and Power Scheme preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updat
This policy setting allows you to configure the level of detail recorded by event logging for the Power Options preference extension, and to turn on tracing for the Power Options extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Power Options extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: Th
This policy setting allows you to configure when preference items in the Printers preference extension are updated.If you enable this policy setting, you can configure processing options for Shared Printer, TCP/IP Printer, and Local Printer preference items.If you disable or do not configure this policy setting, Shared Printer, TCP/IP Printer, and Local Printer preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer
This policy setting allows you to configure the level of detail recorded by event logging for the Printers preference extension, and to turn on tracing for the Printers extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Printers extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference e
This policy setting allows you to configure when preference items in the Regional Options preference extension are updated.If you enable this policy setting, you can configure processing options for Regional Options preference items.If you disable or do not configure this policy setting, Regional Options preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preferen
This policy setting allows you to configure the level of detail recorded by event logging for the Regional Options preference extension, and to turn on tracing for the Regional Options extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Regional Options extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tr
This policy setting allows you to configure when preference items in the Registry preference extension are updated.If you enable this policy setting, you can configure processing options for Registry preference items.If you disable or do not configure this policy setting, Registry preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not t
This policy setting allows you to configure the level of detail recorded by event logging for the Registry preference extension, and to turn on tracing for the Registry extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Registry extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference e
This policy setting allows you to configure when preference items in the Scheduled Tasks preference extension are updated.If you enable this policy setting, you can configure processing options for Scheduled Task and Immediate Task preference items.If you disable or do not configure this policy setting, Scheduled Task and Immediate Task preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgrou
This policy setting allows you to configure the level of detail recorded by event logging for the Scheduled Tasks preference extension, and to turn on tracing for the Scheduled Tasks extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Scheduled Tasks extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration traci
This policy setting allows you to configure when preference items in the Services preference extension are updated.If you enable this policy setting, you can configure processing options for Service preference items.If you disable or do not configure this policy setting, Service preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not tak
This policy setting allows you to configure the level of detail recorded by event logging for the Services preference extension, and to turn on tracing for the Services extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Services extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preference e
This policy setting allows you to configure when preference items in the Shortcuts preference extension are updated.If you enable this policy setting, you can configure processing options for Shortcut preference items.If you disable or do not configure this policy setting, Shortcut preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do not
This policy setting allows you to configure the level of detail recorded by event logging for the Shortcuts preference extension, and to turn on tracing for the Shortcuts extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Shortcuts extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This preferenc
This policy setting allows you to configure when preference items in the Start Menu preference extension are updated.If you enable this policy setting, you can configure processing options for Start Menu preference items.If you disable or do not configure this policy setting, Start Menu preference items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."Notes:1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the background while the computer is in use. When background updates are disabled, preference item changes do
This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension, and to turn on tracing for the Start Menu extension. Logging and tracing provide diagnostic information for troubleshooting.If you enable this policy setting, you can configure event logging and turn on tracing for the Start Menu extension for client computers.If you disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off.Notes:1. User Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.2. Computer Configuration tracing: This prefer
This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited, no Application preference item types appear when you attempt to create a new Application preference item, and you are unable to do so. This policy setting does not affect existing Application preference items.If you enable or do not configure this policy setting, you permit use of Application snap-ins. Enabling this policy setting does not override policy settings that restrict the use of preference extensions.If you disable this policy setting, you prohibit use of Applications snap-ins, and new Application preference items cannot be created.
This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited, it does not appear in the Group Policy Management Editor window.If you enable this policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for Computer Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that are disabled.If you disable this policy setting, you prohibit use of preference extensions under Control Panel Settings for Computer Configuration. D
This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Devices preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Drive Maps preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Ini Files preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Network Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Network Shares preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Printers preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Regional Options preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.
This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
This policy setting allows you to permit or prohibit use of the Services preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Computers)" policy setting. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Control Panel Settings (Computers)" policy settings.
This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting.
This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited, it does not appear in the Group Policy Management Editor window of the GPMC.If you enable this policy setting, you permit use of the preference extension unless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting.If you disable this policy setting, you prohibit use of the preference extension.If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited, it does not appear in the Group Policy Management Editor window.If you enable this policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for User Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that are disabled.If you disable this policy setting, you prohibit use of preference extensions under Control Panel Settings for User Configuration. Disabling thi
This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited, the Preferences tab does not appear when you view a preference extension in the Group Policy Management Editor window of the GPMC. The Extended and Standard tabs are unaffected, and you can still create and manage preference items.If you enable this policy setting, you permit use of the Preferences tab. Enabling this policy setting does not override policy settings that restrict the use of preference extensions.If you disable this policy setting, you prohibit use of the Preferences tab.If you do not configure this policy setting, you permit use of the Preferences tab.
This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting. If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders. To restrict the commands to one or more folders, enable the policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". Note: An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %programfiles% is not d
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting, DEP for HTML Help Executable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities.
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.If you disable or do not configure this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).
This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting, ratings controls are not added to Help content.If you disable or do not configure this policy setting, ratings controls are added to Help topics.Users can use the control to provide feedback on the quality and usefulness of the Help and Support content.
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting, users cannot participate in the Help Experience Improvement program.If you disable or do not configure this policy setting, users can turn on the Help Experience Improvement program feature from the Help and Support settings page.
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and have not disabled Windows Online from the Help and Support Options page.
This policy setting defines whether Wi-Fi hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.If a Wi-Fi hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.If you enable this policy setting, or if you do not configure this policy setting, Wi-Fi hotspots are automatically probed for WISPR protocol support.If you disable this policy setting, Wi-Fi hotspots are not probed for WISPr protocol support, and users can only authenticate with Wi-Fi hotspots using a web browser.
This policy setting allows you to manage whether HotStart buttons can be used to launch applications.If you enable this policy setting, applications cannot be launched using the HotStart buttons.If you disable or do not configure this policy setting, applications can be launched using the HotStart buttons.
This policy setting allows you to manage whether HotStart buttons can be used to launch applications.If you enable this policy setting, applications cannot be launched using the HotStart buttons.If you disable or do not configure this policy setting, applications can be launched using the HotStart buttons.
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.If you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources.If you enable this setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features cannot access the Internet.If you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their respective features can access the Internet.If you do not configure this policy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities.If you disable or do not configure this policy setting, your computer will contact the Windows Update website.
This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.If you enable this policy setting, print drivers cannot be downloaded over HTTP.If you disable or do not configure this policy setting, users can download print drivers over HTTP.
This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.If you enable this policy setting, print drivers cannot be downloaded over HTTP.If you disable or do not configure this policy setting, users can download print drivers over HTTP.
This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present.If you enable this policy setting, Windows Update is not searched when a new device is installed.If you disable this policy setting, Windows Update is always searched for drivers when no local drivers are present.If you do not configure this policy setting, searching Windows Update is optional when installing a device.Also see "Turn off Windows Update device driver search prompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver is not found locally.Note: This policy setting is replaced by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows.
This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred.If you enable this policy setting, event description hyperlinks are not activated and the text "More Information" is not displayed at the end of the description.If you disable or do not configure this policy setting, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settings in "Administrative Templates/Windows Compo
This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer.If you enable this policy setting, the Help and Support Center no longer retrieves nor displays "Did you know?" content.If you disable or do not configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content.You might want to enable this policy setting for users who do not have Internet access, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products, and is searched as part of all Help and Support Center searches with the default search options.If you enable this policy setting, it removes the Knowledge Base section from the Help and Support Center "Set search options" page, and only Help content on the local computer is searched. If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard causes the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers.If you disable or do not configure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online.If you disable or do not configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration.Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in).
This policy setting controls whether or not errors are reported to Microsoft.Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.If you enable this policy setting, users are not given the option to report errors.If you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.This policy setting overrides any user setting made from the Control Panel for error reporting.Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.
This policy setting allows you to remove access to Windows Update.If you enable this policy setting, all Windows Update features are removed. This includes blocking access to the Windows Update website at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.If you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results.If you enable this policy setting, Search Companion does not download content updates during searches.If you disable or do not configure this policy setting, Search Companion downloads content updates unless the user is using Classic Search.Note: Internet searches still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off the Search Companion feature completely.
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.If you disable or do not configure this policy setting, the user is allowed to use the Web service.
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association.When a user opens a file that has an extension that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Web service to find an application.If you enable this policy setting, the link and the dialog for using the Web service to open an unhandled file association are removed.If you disable or do not configure this policy setting, the user is allowed to use the Web service.
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed.If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association.When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to select a local application or use the Store service to find an application.If you enable this policy setting, the "Look for an app in the Store" item in the Open With dialog is removed.If you disable or do not configure this policy setting, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders.If you disable or do not configure this policy setting, the task is displayed.
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting, the task "Order Prints Online" is removed from Picture Tasks in File Explorer folders.If you disable or do not configure this policy setting, the task is displayed.
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders.If you disable or do not configure this policy setting, the tasks are shown.
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web" are available from File and Folder Tasks in Windows folders.The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the web.If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders.If you disable or do not configure this policy setting, the tasks are shown.
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases.If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases.If you enable this policy setting, Windows Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown.If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is not shown.If you do not configure this policy setting, users have the choice to opt in and allow information to be collected.
This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly.If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program.If you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program.If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.
This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.If you enable this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that use NCSI, to determine Internet access. If you disable or do not configure this policy setting, NCSI runs one of the two active tests.
"This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run."
Designates the Audio/Video Player ActiveX control as administrator-approved.This control is used for playing sounds, videos, and other media.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site, where users can shop for and obtain information about vehicles.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approve
This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features, and a "safe for scripting" version that has restricted functionality and is intended for use by web sites.If you enable this policy, this control will be available as an administrator approved control and can be run if the user specifies to run administrator-approved Active-X controls and plug-ins under security zones.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
Designates Shockwave flash as an administrator approved control.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved.These controls enable users to view updated lists of stocks on their Web pages.If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.Select the check boxes for the controls that you want to designate as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, clic
Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved.If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.To specify a control as administrator-approved, click Enabled, and then select the check box for the control:-- MCSiMenu - enables Web authors to control the placement and appearance of Windows pop-up menus on Web pages-- Popup Menu Object - enables Web authors to add pop-up menus to Web pagesTo specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3
Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.Select the check boxes for the controls that you want to designate as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Designates Microsoft Survey Control as an administrator approved control.If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.If you disable this policy or do not configure it, this control will not be designated as administrator-approved.To specify how administrator-approved controls are handled for each security zone, carry out the following steps:1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
This policy setting allows you to turn off the flip ahead feature.When turned on, flip ahead allows users to quickly flip to the next page of a website by swiping across the screen or by clicking Forward. Your browsing history will be sent to Microsoft to improve how flip ahead works. Flip ahead is not available on Internet Explorer for the desktop.If you enable this policy setting, flip ahead will be turned off.If you disable this policy setting, flip ahead will be turned on.If you do not configure this setting, flip ahead can be turned on or off through the Settings charm.
This policy setting allows you to turn off the flip ahead feature.When turned on, flip ahead allows users to quickly flip to the next page of a website by swiping across the screen or by clicking Forward. Your browsing history will be sent to Microsoft to improve how flip ahead works. Flip ahead is not available on Internet Explorer for the desktop.If you enable this policy setting, flip ahead will be turned off.If you disable this policy setting, flip ahead will be turned on.If you do not configure this setting, flip ahead can be turned on or off through the Settings charm.
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting, active content on a CD will run without a prompt.If you disable this policy setting, active content on a CD will always prompt before running.If you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting, active content on a CD will run without a prompt.If you disable this policy setting, active content on a CD will always prompt before running.If you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting, applications that host MSHTML do not render text by using the Microsoft ClearType rendering engine.If you disable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine.
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting, applications that host MSHTML do not render text by using the Microsoft ClearType rendering engine.If you disable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine.
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality, such as using the Shift key to select text and copying a selection to the clipboard. This policy setting is particularly useful to users who do not use a mouse.If you enable this policy setting, Caret Browsing is turned on.If you disable this policy setting, Caret Browsing is turned off.If you do not configure this policy setting, Caret Browsing support can be turned on or off through the registry.
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality, such as using the Shift key to select text and copying a selection to the clipboard. This policy setting is particularly useful to users who do not use a mouse.If you enable this policy setting, Caret Browsing is turned on.If you disable this policy setting, Caret Browsing is turned off.If you do not configure this policy setting, Caret Browsing support can be turned on or off through the registry.
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode.Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mod
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control, Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode.Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.When Enhanced Protected Mode is enabled, and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mod
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting, Internet Explorer sends the DNT: 1 header on all HTTP and HTTPS requests. The DNT: 1 header signals that servers should not track the user.If you disable this policy setting, Internet Explorer sends the DNT: 1 header only when a Tracking Protection List is enabled, or when InPrivate Browsing mode is used.If you do not configure the policy setting, users can select the Always send Do Not Track header option on the Advanced tab of the Internet Options dialog box. When this option is selected, Internet Explorer sends the DNT:1 header on all HTTP and HTTPS requests. This option is turned on by default.
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting, Internet Explorer sends the DNT: 1 header on all HTTP and HTTPS requests. The DNT: 1 header signals that servers should not track the user.If you disable this policy setting, Internet Explorer sends the DNT: 1 header only when a Tracking Protection List is enabled, or when InPrivate Browsing mode is used.If you do not configure the policy setting, users can select the Always send Do Not Track header option on the Advanced tab of the Internet Options dialog box. When this option is selected, Internet Explorer sends the DNT:1 header on all HTTP and HTTPS requests. This option is turned on by default.
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting, Internet Explorer uses HTTP 1.1.If you disable this policy setting, Internet Explorer does not use HTTP 1.1.If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1.
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting, Internet Explorer uses HTTP 1.1.If you disable this policy setting, Internet Explorer does not use HTTP 1.1.If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1.
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting, Internet Explorer uses HTTP 1.1 through proxy connections.If you disable this policy setting, Internet Explorer does not use HTTP 1.1 through proxy connections.If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting, Internet Explorer uses HTTP 1.1 through proxy connections.If you disable this policy setting, Internet Explorer does not use HTTP 1.1 through proxy connections.If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.Note: SSL 2.0 is off by default. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.Note: SSL 2.0 is off by default. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation, delete browsing history, and disable add-ons that are not preapproved.If you enable this policy setting, the user cannot use Reset Internet Explorer Settings.If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Settings.
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation, delete browsing history, and disable add-ons that are not preapproved.If you enable this policy setting, the user cannot use Reset Internet Explorer Settings.If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Settings.
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer's performance or stability.If you enable this policy setting, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.If you disable this policy setting, browser helper objects do not launch.If you do not configure this policy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer's performance or stability.If you enable this policy setting, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.If you disable this policy setting, browser helper objects do not launch.If you do not configure this policy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.
This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that requires Japanese-text display support, Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed.If you enable this policy setting, Web components such as fonts will be automatically installed as necessary.If you disable this policy setting, users will be prompted when Web Components such as fonts would be downloaded.If you do not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.
This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that requires Japanese-text display support, Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed.If you enable this policy setting, Web components such as fonts will be automatically installed as necessary.If you disable this policy setting, users will be prompted when Web Components such as fonts would be downloaded.If you do not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting, non-Internet Explorer components will be automatically installed as necessary.If you disable this policy setting, users will be prompted when non-Internet Explorer components would be installed.If you do not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting, non-Internet Explorer components will be automatically installed as necessary.If you disable this policy setting, users will be prompted when non-Internet Explorer components would be installed.If you do not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur approximately every 30 days, and users are prompted to install new versions as they become available.If you enable this policy setting, Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available.If you disable this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.If you do not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur approximately every 30 days, and users are prompted to install new versions as they become available.If you enable this policy setting, Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available.If you disable this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.If you do not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.If you enable this policy setting, users will be prompted to install or run files with an invalid signature.If you disable this policy setting, users cannot run or install files with an invalid signature.If you do not configure this policy, users can choose to run or install files with an invalid signature.
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.If you enable this policy setting, users will be prompted to install or run files with an invalid signature.If you disable this policy setting, users cannot run or install files with an invalid signature.If you do not configure this policy, users can choose to run or install files with an invalid signature.
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play animated pictures found in Web content.If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages display more quickly.If you do not configure this policy setting, Internet Explorer will play animated pictures found in Web content.
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play animated pictures found in Web content.If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages display more quickly.If you do not configure this policy setting, Internet Explorer will play animated pictures found in Web content.
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play sounds found in Web content.If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display more quickly.If you enable this policy setting, Internet Explorer will play sounds found in Web content.
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play sounds found in Web content.If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display more quickly.If you enable this policy setting, Internet Explorer will play sounds found in Web content.
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play videos found in Web content.If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly.If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting, Internet Explorer will play videos found in Web content.If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly.If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting, Profile Assistant information will not be provided, and users will not be prompted to provide information.If you disable this policy setting, then when a Web site requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to allow this information to be shared with the Web site in the future without being prompted.If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assistant information.
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting, Profile Assistant information will not be provided, and users will not be prompted to provide information.If you disable this policy setting, then when a Web site requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to allow this information to be shared with the Web site in the future without being prompted.If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assistant information.
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache, which may be insecure.If you enable this policy setting, Internet Explorer will not save encrypted pages containing secure (HTTPS) information to the cache.If you disable this policy setting, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.If you do not configure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache, which may be insecure.If you enable this policy setting, Internet Explorer will not save encrypted pages containing secure (HTTPS) information to the cache.If you disable this policy setting, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.If you do not configure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer, or storing sensitive files that other users could see, in addition to managing total disk space usage.If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folder when all browser windows are closed.If you disable this policy setting, Internet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed.If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder when browser windows are closed.
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer, or storing sensitive files that other users could see, in addition to managing total disk space usage.If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folder when all browser windows are closed.If you disable this policy setting, Internet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed.If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder when browser windows are closed.
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting, Internet Explorer displays the Content Advisor setting on the Content tab of the Internet Options dialog box. Users can change Content Advisor settings.If you disable or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet Options dialog box.
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting, Internet Explorer displays the Content Advisor setting on the Content tab of the Internet Options dialog box. Users can change Content Advisor settings.If you disable or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet Options dialog box.
This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting, inline AutoComplete is turned on. The user cannot turn it off.If you disable this policy setting, inline AutoComplete is turned off. The user cannot turn it on.If you do not configure this policy setting, the user can turn on or turn off inline AutoComplete.By default, inline AutoComplete is turned off for Windows Vista, Windows 7, Internet Explorer 7, and Internet Explorer 8. By default, inline AutoComplete is turned on for Internet Explorer 9.
This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default, this functionality is turned on in File Explorer.If you enable this policy setting, Inline AutoComplete for File Explorer is turned off. The user cannot turn it on.If you disable this policy setting, Inline AutoComplete for File Explorer is turned on. The user cannot turn it off.If you do not configure this policy setting, a user will have the freedom to turn on or off Inline AutoComplete for File Explorer.
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
This policy setting allows you to turn on your script debugger, if one is installed. Website developers use script debuggers to test programs and scripts on their webpages. You can use the script debugger to browse, edit, and debug .htm and .asp files that contain Microsoft Visual Basic Scripting Edition (VBScript) or Microsoft JScript.If you enable this policy setting, script debugging is turned on. The user cannot turn off script debugging.If you disable this policy setting, script debugging is turned off. The user cannot turn on script debugging.If you do not configure this policy setting, the user can turn on or turn off script debugging.
This policy setting specifies whether, when there is a problem connecting with an Internet server, to provide a detailed description with hints about how to correct the problem. If you clear this check box, the user sees only the error code and the name of the error.If you enable this policy setting, when there is a problem connecting with an Internet server, the user does not see a detailed description or hints about how to correct the problem. The user cannot change this policy setting.If you disable this policy setting, when there is a problem connecting with an Internet server, the user sees a detailed description with hints about how to correct the problem. The user cannot change this policy setting.If you do not configure this policy setting, the user can turn on or turn off details in these error messages.
This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leaving and fades into the page to which you are going.If you enable this policy setting, page transitions will be turned off. The user cannot change this behavior.If you disable this policy setting, page transitions will be turned on. The user cannot change this behavior.If you do not configure this policy setting, the user can turn on or off page transitions.This feature only applies to versions of Internet Explorer up to and including Internet Explorer 8.
This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default, but it is useful to developers when they are testing webpages.If you enable this policy setting, the user is shown script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.If you disable this policy setting, the user is not shown script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.If you do not configure this policy setting, the user can turn on or turn off the display of script errors.
This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting, smooth scrolling is turned off. The user cannot turn on smooth scrolling.If you disable this policy setting, smooth scrolling is turned on. The user cannot turn off smooth scrolling.If you do not configure this policy setting, the user can turn smooth scrolling on or off.
This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting, a user cannot choose when to underline links. You must specify when to underline links: Always Never Hover (when the mouse pointer pauses on a link)If you disable or do not configure this policy setting, the user can choose when to underline links.
Restricts the amount of information downloaded for offline viewing.If you enable this policy, you can set limits to the size and number of pages that users can download. If users attempt to exceed the number of subscriptions, a prompt will appear that states that they cannot set up more Web sites for offline viewing.If you disable this policy or do not configure it, then users can determine the amount of content that is searched for new information and downloaded.Caution: Although the Maximum Number of Offline Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in the Offline Favorites wizard.Note: The begin and end times for downloading are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are searched for new information.
Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer, according to a schedule specified by the channel provider.If you enable this policy, the Add Active Channel button, which appears on a channel that users haven't yet subscribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Microsoft's Active Desktop Gallery, to their desktop.If you disable this policy or do not configure it, users can add channels to the Channel bar or to their desktop.Note: Most channel providers use the words Add Active Channel for this option; however, a few use different words, such as Subscribe.
Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing, they can view the content when their computer is not connected to the Internet.If you enable this policy, users cannot add new schedules for downloading offline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box.If you disable this policy or do not configure it, users can add new offline content schedules.This policy is intended for organizations that are concerned about server load for downloading content.The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy, it disables any channel logging settings set by channel providers in the channel definition format (.cdf) file. The .cdf file determines the schedule and other settings for downloading Web content.If you disable this policy or do not configure it, channel providers can record information about when their channel pages are viewed by users who are working offline.
Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy, the Channel bar interface will be disabled, and users cannot select the Internet Explorer Channel Bar check box on the Web tab in the Display Properties dialog box.If you disable this policy or do not configure it, users can view and subscribe to channels from the Channel bar interface.
Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that users have subscribed to.A subscription group is a favorite Web page plus the Web pages it links to.If you enable this policy, the Add, Remove, and Edit buttons on the Schedule tab in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.If you disable this policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites.The "Disable editing schedules for offline pages" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.
Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.If you enable this policy, users cannot display the schedule properties of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is unavailable.If you disable this policy or do not configure it, users can edit an existing schedule for downloading Web content for offline viewing.This policy is intended for organizations that are concerned about server load for downloading content.The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy, users cannot prevent channels from being synchronized.If you disable this policy or do not configure it, users can disable the synchronization of channels.This policy is intended to help administrators ensure that users' computers are being updated uniformly across their organization.Note: This policy does not prevent users from removing active content from the desktop interface.
Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.If you enable this policy, the Make Available Offline check box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then click the Properties button.If you disable this policy or do not configure it, users can remove the preconfigured settings for pages to be downloaded for offline viewing.This policy is intended for organizations that are concerned about server load for downloading content.The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.If you enable this policy, the check boxes for schedules on the Schedule tab of the Web page properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.If you disable this policy, then Web pages can be updated on the schedules specified on the Schedule tab.This policy is intended for organizations that are concerned about server load for downloading content.The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.If you enable this policy, content will not be downloaded from Web sites that users have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since the last time the user synchronized with or visited the page.If you disable this policy or do not configure it, content will not be prevented from being downloaded.The "Disable downloading of site subscription content" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.
This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download, verify, and install code for an Object Linking and Embedding (OLE) component.If you enable this policy setting, the user cannot specify the download path for the code. You must specify the download path.If you disable or do not configure this policy setting, the user can specify the download path for the code.
This policy setting prevents the user from choosing the default text size in Internet Explorer.If you enable this policy setting, the user cannot choose the default text size in Internet Explorer. You must specify the default text size: Largest Larger Medium Smaller SmallestIf you disable or do not configure this policy setting, the user can choose the default text size in Internet Explorer.
Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the Advanced tab from the interface.
Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the Advanced tab from the interface.
Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing connection and proxy settings.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:"Disable Internet Connection Wizard""Disable changing connection settings""Prevent changing proxy settings""Disable changing Automatic Configuration settings"
Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing connection and proxy settings.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:"Disable Internet Connection Wizard""Disable changing connection settings""Prevent changing proxy settings""Disable changing Automatic Configuration settings"
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.If you disable this policy or do not configure it, users can see and change these settings.
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.If you disable this policy or do not configure it, users can see and change these settings.
Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab from the interface:"Disable changing home page settings""Disable changing Temporary Internet files settings""Disable changing history settings""Disable changing color settings""Disable changing link color settings""Disable changing font settings""Disable changing language settings""Disable changing accessibility settings"
Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab from the interface:"Disable changing home page settings""Disable changing Temporary Internet files settings""Disable changing history settings""Disable changing color settings""Disable changing link color settings""Disable changing font settings""Disable changing language settings""Disable changing accessibility settings"
Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing default settings for privacy.If you disable this policy or do not configure it, users can see and change these settings.
Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing default settings for privacy.If you disable this policy or do not configure it, users can see and change these settings.
Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing default settings for Internet programs.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:"Disable changing Messaging settings""Disable changing Calendar and Contact settings""Disable the Reset Web Settings feature""Disable changing default browser check"
Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy, users are prevented from seeing and changing default settings for Internet programs.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:"Disable changing Messaging settings""Disable changing Calendar and Contact settings""Disable the Reset Web Settings feature""Disable changing default browser check"
Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:"Security zones: Do not allow users to change policies""Security zones: Do not allow users to add/delete sites"
Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.If you disable this policy or do not configure it, users can see and change these settings.When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:"Security zones: Do not allow users to change policies""Security zones: Do not allow users to add/delete sites"
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting, you must specify when IDN server names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted to IDN format.If you disable or do not configure this policy setting, the user can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format only for addresses that are not in the Intranet zone.
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting, you must specify when IDN server names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted to IDN format.If you disable or do not configure this policy setting, the user can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format only for addresses that are not in the Intranet zone.
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting, Internet Explorer encodes mailto links in UTF-8.If you disable or do not configure this policy setting, Internet Explorer sends mailto links encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting, Internet Explorer encodes mailto links in UTF-8.If you disable or do not configure this policy setting, Internet Explorer sends mailto links encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer.If you enable this policy setting, the user cannot continue browsing.If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired", "revoked", or "name mismatch" errors) in Internet Explorer.If you enable this policy setting, the user cannot continue browsing.If you disable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8), a standard that defines characters so they are readable in any language. By using UTF-8, you can exchange Internet addresses (URLs) that contain characters from any language.If you enable this policy setting, Internet Explorer does not allow sending URLs as UTF-8. The user cannot change this policy setting.If you disable this policy setting, Internet Explorer allows sending URLs as UTF-8. The user cannot change this policy setting.If you do not configure this policy setting, the user can allow or prevent the sending of URLs as UTF-8.
This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting, the user cannot specify the background color in Internet Explorer. You must specify the background color (for example: 192,192,192).If you disable or do not configure this policy setting, the user can specify the background color in Internet Explorer.
This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting, the user cannot specify the text color in Internet Explorer. You must specify the text color (for example: 192,192,192).If you disable or do not configure this policy setting, the user can specify the text color in Internet Explorer.
This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting, Windows colors are turned off. The user cannot turn them on.If you disable this policy setting, Windows colors are turned on. The user cannot turn them off.If you do not configure this policy setting, the user can turn on or turn off Windows colors for display.
This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page, the page cannot grant access unless the Internet browser connects with a prespecified encryption. To ensure that the browser meets this requirement, this policy setting allows you to specify the URL to update the browser security setting.If you enable this policy setting, the user cannot specify the cipher strength update information URL. You must specify the cipher strength update information URL.If you disable or do not configure this policy setting, the user can specify the cipher strength update information URL.
This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed, this policy setting starts the wizard automatically.If you enable this policy setting, the Internet Connection Wizard starts automatically if it was not completed before. The user cannot prevent the wizard from starting.If you disable this policy setting, the Internet Connection Wizard does not start automatically. The user can start the wizard manually.If you do not configure this policy setting, the user can decide whether the Internet Connection Wizard should start automatically.
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ,000000000-0000-0000-0000-0000000000000-'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.Value - A number indicating whether Internet Exp
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ,000000000-0000-0000-0000-0000000000000-'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.Value - A number indicating whether Internet Exp
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting.If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed) through the 'Add-on List' policy setting.If you disable or do not configure this policy setting, users may use Add-on Manager to allo
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting.If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowed) through the 'Add-on List' policy setting.If you disable or do not configure this policy setting, users may use Add-on Manager to allo
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings.If you enable this policy setting, all processes will respect add-on management user preferences and policy settings.If you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings.
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings.If you enable this policy setting, all processes will respect add-on management user preferences and policy settings.If you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings.
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list.If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, th
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list.If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, th
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default, because they are not as secure as other technologies.If you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies.If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing technologies.
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default, because they are not as secure as other technologies.If you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies.If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing technologies.
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked.If you disable or do not configure this policy setting, binary behaviors are allowed for all processes.
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked.If you disable or do not configure this policy setting, binary behaviors are allowed for all processes.
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.If you disable this policy setting, binary behaviors are allowed for the File Explorer and Internet Explorer processes.If you do not configure this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.If you disable this policy setting, binary behaviors are allowed for the File Explorer and Internet Explorer processes.If you do not configure this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowe
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowe
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.If you enable this policy setting, Consistent Mime Handling is enabled for all processes.If you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes.
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.If you enable this policy setting, Consistent Mime Handling is enabled for all processes.If you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes.
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be displayed for all processes.If you disable or do not configure this policy setting, the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be displayed for all processes.If you disable or do not configure this policy setting, the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes.If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Notification bar is displayed for Internet Explorer processes.If you enable this policy setting, the Notification bar will be displayed for Internet Explorer Processes.If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes.If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default).If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for the specifi
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code installs are restricted. By default, the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Notification bar is displayed by default).If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for the specifi
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list.If you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list.If you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer.If you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer.If you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.If you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes.If you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes.
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes.If you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes.
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked.If you disable or do not configure this policy setting, the MK Protocol is enabled.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked.If you disable or do not configure this policy setting, the MK Protocol is enabled.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes.If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes.If you do not configure this policy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the policy setting is ignored.
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the policy setting is ignored.
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer.If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than File Explorer or Internet Explorer.If you do not configure this policy setting, no policy is enforced for processes other than File Explorer and Internet Explorer.
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer.If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than File Explorer or Internet Explorer.If you do not configure this policy setting, no policy is enforced for processes other than File Explorer and Internet Explorer.
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting, restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https.If you disable this policy setting, restricting content obtained through restricted protocols is prevented for File Explorer and Internet Explorer processes.If you do not configure this policy setting, the policy setting is ignored.
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting, restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https.If you disable this policy setting, restricting content obtained through restricted protocols is prevented for File Explorer and Internet Explorer processes.If you do not configure this policy setting, the policy setting is ignored.
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed.If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed.If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes.If you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes.If you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.If you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes.If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.If you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes.If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.If you enable this policy setting, any zone can be protected from zone elevation for all processes.If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.If you enable this policy setting, any zone can be protected from zone elevation for all processes.If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.If you disable this policy setting, no zone receives such protection for Internet Explorer processes.If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.If you disable this policy setting, no zone receives such protection for Internet Explorer processes.If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE proce
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE proce
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.
This policy setting enables blocking of file download prompts that are not user initiated.If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
This policy setting enables blocking of file download prompts that are not user initiated.If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you disable or do not configure this policy setting, the security feature is allowed.
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.If you enable this policy setting, scripted windows are restricted for all processes.If you disable or do not configure this policy setting, scripted windows are not restricted.
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.If you enable this policy setting, scripted windows are restricted for all processes.If you disable or do not configure this policy setting, scripted windows are not restricted.
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.If you do not configure this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.If you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.If you
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted protocols to access my computer."If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols to access my computer."Note. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.
This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.
This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.
This policy setting turns off Automatic Crash Recovery.If you enable this policy setting, Automatic Crash Recovery does not prompt the user to recover his or her data after a program stops responding.If you disable or do not configure this policy setting, Automatic Crash Recovery prompts the user to recover his or her data after a program stops responding.
This policy setting turns off Automatic Crash Recovery.If you enable this policy setting, Automatic Crash Recovery does not prompt the user to recover his or her data after a program stops responding.If you disable or do not configure this policy setting, Automatic Crash Recovery prompts the user to recover his or her data after a program stops responding.
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting, the user cannot use the Reopen Last Browsing Session feature.If you disable or do not configure this policy setting, the user can use the Reopen Last Browsing Session feature.
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting, the user cannot use the Reopen Last Browsing Session feature.If you disable or do not configure this policy setting, the user can use the Reopen Last Browsing Session feature.
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager.If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user.
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager.If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user.
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer.If you enable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it off.If you disable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it on.If you do not configure this policy setting, the menu bar is turned off by default. The user can turn on or turn off the menu bar.
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer.If you enable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it off.If you disable this policy setting, the menu bar appears in Internet Explorer by default, and the user cannot turn it on.If you do not configure this policy setting, the menu bar is turned off by default. The user can turn on or turn off the menu bar.
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting, the Favorites bar is turned off.If you disable this policy setting, the Favorites bar is turned on.If you do not configure this policy setting, the user can turn on or turn off the Favorites bar.
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting, the Favorites bar is turned off.If you disable this policy setting, the Favorites bar is turned on.If you do not configure this policy setting, the user can turn on or turn off the Favorites bar.
Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being stored in the users' cache.If you enable this policy, automatic proxy scripts will not be stored temporarily on the users' computer.If you disable this policy or do not configure it, automatic proxy scripts can be stored in the users' cache.
Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party.If you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider.If you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services.This policy is intended for administrators who want to maintain a consistent browser across an organization.
Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy, users are prevented from changing advanced Internet settings, such as security, multimedia, and printing. Users cannot select or clear the check boxes on the Advanced tab.If you disable this policy or do not configure it, users can select or clear settings on the Advanced tab.If you set the "Disable the Advanced page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Advanced page" policy removes the Advanced tab from the interface.
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting, Internet Explorer sends the specified custom string in the version portion of the User Agent header.If you disable or do not configure this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting, Internet Explorer sends the specified custom string in the version portion of the User Agent header.If you disable or do not configure this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy, users' dial-up settings will be configured by Automatic Detection.If you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specified by the user.
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting, the user cannot use the "Fix settings" functionality.If you disable or do not configure this policy setting, the user can use the "Fix settings" functionality.Note: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting, the user cannot use the "Fix settings" functionality.If you disable or do not configure this policy setting, the user can use the "Fix settings" functionality.Note: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting, the user is not prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off.If you select manual mode, the phishing filter performs only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide the mode of operation for the phishing filter.
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting, the user is not prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off.If you select manual mode, the phishing filter performs only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide the mode of operation for the phishing filter.
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-run experience.
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-run experience.
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware.If you enable this policy setting, the user is not prompted to turn on SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on SmartScreen Filter during the first-run experience.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.If you enable this policy setting, SmartScreen Filter warnings block the user.If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.If you enable this policy setting, SmartScreen Filter warnings block the user.If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.If you enable this policy setting, SmartScreen Filter warnings block the user.If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.If you enable this policy setting, SmartScreen Filter warnings block the user.If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.If you enable this policy setting, the feature is turned off.If you disable or do not configure this policy setting, the feature is turned on.
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.If you enable this policy setting, the feature is turned off.If you disable or do not configure this policy setting, the feature is turned on.
This policy setting positions the menu bar above the navigation bar. The navigation bar contains icons for a variety of features, including browsing web pages, searching the web by using a selection of search tools, accessing and managing favorites, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains menus that open lists of commands. The commands include options for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help.If you enable this policy setting, the menu bar is above the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar.If you disable this policy setting, the menu bar is below the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar.If you do not configure this policy setting, the user can interchange the positions of the menu bar and the navigation bar.
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting, the user cannot change the filter level. You can specify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance.If you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level.You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to prevent the user from configuring pop-up behavior.
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting, the user cannot change the filter level. You can specify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance.If you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level.You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to prevent the user from configuring pop-up behavior.
Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy, error messages will be displayed when the browser does not download or run a script to set proxy settings.If you disable this policy or do not configure it, error messages will not be displayed when problems occur with proxy scripts.
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting, the user can log information that is blocked by new Internet Explorer features. The user cannot turn off logging.If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user cannot turn on logging.If you do not configure this policy setting, the user can change the logging settings.
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting, the user can log information that is blocked by new Internet Explorer features. The user cannot turn off logging.If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user cannot turn on logging.If you do not configure this policy setting, the user can change the logging settings.
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command bar. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.The navigation bar includes features for browsing webpages, searching the web by using a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the shortcuts to these bars.If you enable this policy setting, the navigation bar, the menu bar, and the Command bar are not visible, and the user cannot access them.If you disable or do not configure this policy setting, the user can view and access the navigation bar, the
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command bar. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.The navigation bar includes features for browsing webpages, searching the web by using a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the shortcuts to these bars.If you enable this policy setting, the navigation bar, the menu bar, and the Command bar are not visible, and the user cannot access them.If you disable or do not configure this policy setting, the user can view and access the navigation bar, the
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser, import settings from a file, or export settings to a file. Importing settings from another browser allows the user to import favorites and feeds from other browsers. Importing settings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favorites, feeds and cookies to a file.If you enable this policy setting, the user will not be able to use the Import/Export Settings wizard.If you disable or do not configure this policy setting, the user will be able to use the Import/Export Settings wizard.
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser, import settings from a file, or export settings to a file. Importing settings from another browser allows the user to import favorites and feeds from other browsers. Importing settings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favorites, feeds and cookies to a file.If you enable this policy setting, the user will not be able to use the Import/Export Settings wizard.If you disable or do not configure this policy setting, the user will be able to use the Import/Export Settings wizard.
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting, browser geolocation support is turned off.If you disable this policy setting, browser geolocation support is turned on.If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting, browser geolocation support is turned off.If you disable this policy setting, browser geolocation support is turned on.If you do not configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on Li
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on Li
This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting, applications that host MSHTML do not respond to user input that causes the content to be re-rendered at a scaled size.If you disable or do not configure this policy setting, applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting, applications that host MSHTML do not respond to user input that causes the content to be re-rendered at a scaled size.If you disable or do not configure this policy setting, applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts, such as e-mail accounts, on the same computer. Each user has a unique identity, with a different password and different program preferences.If you enable this policy, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed from the File menu in Address Book.If you disable this policy or do not configure it, users can set up and change identities.
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition.If you enable this policy setting, newly installed add-ons are automatically activated in the browser.If you disable or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by responding to the notification, using Manage Add-ons, or using other methods.
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition.If you enable this policy setting, newly installed add-ons are automatically activated in the browser.If you disable or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by responding to the notification, using Manage Add-ons, or using other methods.
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting, users are not notified when the average time to load all the user's enabled add-ons exceeds the threshold.If you disable or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the threshold. This is the default.
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting, users are not notified when the average time to load all the user's enabled add-ons exceeds the threshold.If you disable or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the threshold. This is the default.
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
Allows Administrators to enable and disable the Media Explorer Bar and set the auto-play default.The Media Explorer Bar plays music and video content from the Internet.If you disable the Media explorer bar, users cannot display the Media Explorer Bar. The auto-play feature is also disabled. When users click on a link within Internet Explorer, the content will be played by the default media client on their system.If you enable the Media Explorer Bar or do not configure it, users can show and hide the Media Explorer Bar.Administrators also have the ability to turn the auto-play feature on or off. This setting only applies if the Media Explorer Bar is enabled.If checked, the Media Explorer Bar will automatically display and play the media content when the user clicks on a media link.If unchecked, the content will be played by the default media client on their system.
This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings, see "Group Policies Settings in Internet Explorer 10" in the TechNet technical library.If you enable this policy setting, the user cannot access the Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm.If you disable or do not configure this policy setting, the user can access the Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm.
This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings, see "Group Policies Settings in Internet Explorer 10" in the TechNet technical library.If you enable this policy setting, the user cannot access the Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm.If you disable or do not configure this policy setting, the user can access the Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm.
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, form data is preserved when the user clicks Delete.If you disable this policy setting, form data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, form data is preserved when the user clicks Delete.If you disable this policy setting, form data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, passwords are preserved when the user clicks Delete.If you disable this policy setting, passwords are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, passwords are preserved when the user clicks Delete.If you disable this policy setting, passwords are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, cookies are preserved when the user clicks Delete.If you disable this policy setting, cookies are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, cookies are preserved when the user clicks Delete.If you disable this policy setting, cookies are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, websites that the user has visited are preserved when he or she clicks Delete.If you disable this policy setting, websites that the user has visited are deleted when he or she clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, websites that the user has visited are preserved when he or she clicks Delete.If you disable this policy setting, websites that the user has visited are deleted when he or she clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, download history is preserved when the user clicks Delete.If you disable this policy setting, download history is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve download history when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, download history is preserved when the user clicks Delete.If you disable this policy setting, download history is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve download history when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, temporary Internet files are preserved when the user clicks Delete.If you disable this policy setting, temporary Internet files are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve temporary Internet files when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, temporary Internet files are preserved when the user clicks Delete.If you disable this policy setting, temporary Internet files are deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve temporary Internet files when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data when he or she clicks Delete.
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data when he or she clicks Delete.
This policy setting prevents the user from deleting ActiveX Filtering and Tracking Protection data. This data is the list of websites on which the user has chosen to disable ActiveX Filtering or Tracking Protection. Additionally, Tracking Protection data is collected when the Personalized Tracking Protection List is enabled to determine which third-party items should be blocked while the user is browsing.This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, ActiveX Filtering and Tracking Protection data is preserved when the user clicks Delete.If you disable this policy setting, ActiveX Filtering and Tracking Protection data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve ActiveX Filtering and Tracking Protection data when he or she clicks Delete.
This policy setting prevents the user from deleting ActiveX Filtering and Tracking Protection data. This data is the list of websites on which the user has chosen to disable ActiveX Filtering or Tracking Protection. Additionally, Tracking Protection data is collected when the Personalized Tracking Protection List is enabled to determine which third-party items should be blocked while the user is browsing.This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, ActiveX Filtering and Tracking Protection data is preserved when the user clicks Delete.If you disable this policy setting, ActiveX Filtering and Tracking Protection data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve ActiveX Filtering and Tracking Protection data when he or she clicks Delete.
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, favorites site data is preserved when the user clicks Delete.If you disable this policy setting, favorites site data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting, favorites site data is preserved when the user clicks Delete.If you disable this policy setting, favorites site data is deleted when the user clicks Delete.If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or she clicks Delete.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files, cookies, history, form data, and passwords) are applied, and those items are deleted.If you enable this policy setting, deleting browsing history on exit is turned on.If you disable this policy setting, deleting browsing history on exit is turned off.If you do not configure this policy setting, it can be configured on the General tab in Internet Options.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files, cookies, history, form data, and passwords) are applied, and those items are deleted.If you enable this policy setting, deleting browsing history on exit is turned on.If you disable this policy setting, deleting browsing history on exit is turned off.If you do not configure this policy setting, it can be configured on the General tab in Internet Options.If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting has no effect.
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting, you must make one of the following choices: Skip the First Run wizard, and go directly to the user's home page. Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting, you must make one of the following choices: Skip the First Run wizard, and go directly to the user's home page. Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting, the following occur: The Help menu on the menu bar is not functional. Help is removed from the Command bar. The shortcut key F1 does not make Help appear. Help cannot be accessed from the Settings charm (starting with Internet Explorer 10 on Windows 8).If you disable or do not configure this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access Help.
This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting, the following occur: The Help menu on the menu bar is not functional. Help is removed from the Command bar. The shortcut key F1 does not make Help appear. Help cannot be accessed from the Settings charm (starting with Internet Explorer 10 on Windows 8).If you disable or do not configure this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access Help.
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all installed search providers and a link to search settings.If you enable this policy setting, the Search box does not appear in the Internet Explorer frame.If you disable or do not configure this policy setting, the Search box appears by default in the Internet Explorer frame.Note: If you enable this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all installed search providers and a link to search settings.If you enable this policy setting, the Search box does not appear in the Internet Explorer frame.If you disable or do not configure this policy setting, the Search box appears by default in the Internet Explorer frame.Note: If you enable this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.
This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting, the user cannot view suggestions for user-installed search providers.If you disable or do not configure this policy setting, the user can choose to view suggestions for all user-installed search providers that offer suggestions.
This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting, the user cannot view suggestions for user-installed search providers.If you disable or do not configure this policy setting, the user can choose to view suggestions for all user-installed search providers that offer suggestions.
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting, when a user clicks in the Search box, the quick pick menu does not appear until the user starts typing.If you disable or do not configure this policy setting, when a user clicks in the Search box, the quick pick menu appears.
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting, when a user clicks in the Search box, the quick pick menu does not appear until the user starts typing.If you disable or do not configure this policy setting, when a user clicks in the Search box, the quick pick menu appears.
Prevents Internet Explorer from automatically installing components.If you enable this policy, it prevents Internet Explorer from downloading a component when users browse to a Web site that needs that component.If you disable this policy or do not configure it, users will be prompted to download and install a component when visiting a Web site that uses that component.This policy is intended to help the administrator control which components the user installs.
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low, medium, high, or default. Low creates very few tab processes; medium creates a moderate amount of tab processes; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of physical memory. We recommend the default setting.The second algorithm must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the computer or how many Internet Explorer isolation settings are running.If you enable this policy setting, you set the rate at which Internet Explorer creates new tab proces
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low, medium, high, or default. Low creates very few tab processes; medium creates a moderate amount of tab processes; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of physical memory. We recommend the default setting.The second algorithm must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the computer or how many Internet Explorer isolation settings are running.If you enable this policy setting, you set the rate at which Internet Explorer creates new tab proces
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting, OnUnLoad script handlers display UI during shutdown.If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown (default behavior in Internet Explorer 9).
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting, OnUnLoad script handlers display UI during shutdown.If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown (default behavior in Internet Explorer 9).
This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, or the new tab page.If you disable or do not configure this policy setting, the user can select his or her preference for this behavior. The new tab page is the default setting.
This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting, you can choose which page to display when the user opens a new tab: blank page (about:blank), the first home page, or the new tab page.If you disable or do not configure this policy setting, the user can select his or her preference for this behavior. The new tab page is the default setting.
This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting, Tab Grouping is turned off.If you disable this policy setting, Tab Grouping is turned on.If you do not configure this policy setting, the user can turn on or turn off Tab Grouping.
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting, the entry points to Quick Tabs are removed from the Internet Explorer user interface.If you disable or do not configure this policy setting, Quick Tabs is turned on.
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting, the entry points to Quick Tabs are removed from the Internet Explorer user interface.If you disable or do not configure this policy setting, Quick Tabs is turned on.
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting, the user cannot change the default search provider.If you disable or do not configure this policy setting, the user can change the default search provider.
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting, the user cannot change the default search provider.If you disable or do not configure this policy setting, the user can change the default search provider.
Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy, the splash screen, which displays the program name, licensing, and copyright information, is not displayed.If you disable this policy or do not configure it, the splash screen will be displayed when users start their browsers.
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.If you enable this policy setting, tabbed browsing and related entry points are turned off for Internet Explorer, and the user cannot turn them on.If you disable this policy setting, tabbed browsing and related entry points appear on the user interface for Internet Explorer, and the user cannot turn them off.If you do not configure this policy setting, the user can turn on or turn off tabbed browsing.
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8, this policy only applies to Internet Explorer on the desktop.If you enable this policy setting, tabbed browsing and related entry points are turned off for Internet Explorer, and the user cannot turn them on.If you disable this policy setting, tabbed browsing and related entry points appear on the user interface for Internet Explorer, and the user cannot turn them off.If you do not configure this policy setting, the user can turn on or turn off tabbed browsing.
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting, the user cannot configure pop-up windows in tabbed browsing. You must specify one of the following values: 0: Let Internet Explorer decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs.If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting, the user cannot configure pop-up windows in tabbed browsing. You must specify one of the following values: 0: Let Internet Explorer decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs.If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.
Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting, the user cannot configure how windows open in Internet Explorer when he or she clicks links from other applications. You must specify one of the following: Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. Open a new Internet Explorer window.If you disable or do not configure this policy setting, the user can configure how windows open when he or she clicks links from other applications.
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting, the user cannot configure how windows open in Internet Explorer when he or she clicks links from other applications. You must specify one of the following: Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. Open a new Internet Explorer window.If you disable or do not configure this policy setting, the user can configure how windows open when he or she clicks links from other applications.
Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting, users will be unable to open or save attachments that could potentially contain a virus. Users will not be able to disable the blocking of attachments in options.If the block attachments setting is not checked, the user can specify to enable or disable the blocking of attachments in options.
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.If you disable this or do not configure this policy setting, you will not be able to provide a default Pop-up Blocker exception list.Note: You can disable users from adding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.If you disable this or do not configure this policy setting, you will not be able to provide a default Pop-up Blocker exception list.Note: You can disable users from adding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
If you enable this policy, the user cannot modify the Accessibility options. All options in the "Accessibility" window on the General Tab in the Internet Options dialog box appear dimmed.If you disable this policy or do not configure it, users can change accessibility settings, such as overriding fonts and colors on Web pages.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting, the user will not be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor.If you disable or do no configure this policy setting, the user will have the freedom to automatically configure these settings.
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting, the user will not be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor.If you disable or do no configure this policy setting, the user will have the freedom to automatically configure these settings.
Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Temporary Internet Files folder.If you enable this policy, the browser cache settings appear dimmed. These settings are found in the dialog box that appears when users click the General tab and then click the Settings button in the Internet Options dialog box.If you disable this policy or do not configure it, users can change their cache settings.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy, the Calendar and Contact combo boxes appear dimmed in the Internet Programs area. To display these options, users open the Internet Options dialog box, and then click the Programs tab.If you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if programs that perform these tasks are installed.This "Disable the Programs Page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy, the settings in the Certificates area on the Content tab in the Internet Options dialog box appear dimmed.If you disable this policy or do not configure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accepted.The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.Caution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certificates from software publishers th
Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy, the Internet Explorer Should Check to See Whether It Is the Default Browser check box on the Programs tab in the Internet Options dialog box appears dimmed.If you disable this policy or do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default.This policy is intended for organizations that do not want users to determine which browser should be their default.The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting, users will be notified if Internet Explorer is not the default web browser. Users cannot change the setting.If you disable this policy setting, users will not be notified if Internet Explorer is not the default web browser. Users cannot change the setting.If you do not configure this policy setting, users can choose whether to be notified that Internet Explorer is not the default web browser through the Tell me if Internet Explorer is not the default web browser check box on the Programs tab in the Internet Options dialog box. Note that starting with Internet Explorer 10 on Windows 8, the check box is located on the Advanced tab in the Internet Options dialog box. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
Prevents users from changing the default Web page colors.If you enable this policy, the color settings for Web pages appear dimmed. The settings are located in the Colors area in the dialog box that appears when the user clicks the General tab and then clicks the Colors button in the Internet Options dialog box.If you disable this policy or do not configure it, users can change the default background and text color of Web pages.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.Note: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors.
Prevents users from changing dial-up settings.If you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.If you disable this policy or do not configure it, users can change their settings for dial-up connections.If you set the "Disable the Connections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Connections tab from the interface.
Prevents users from changing dial-up settings.If you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.If you disable this policy or do not configure it, users can change their settings for dial-up connections.If you set the "Disable the Connections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Connections tab from the interface.
Prevents users from running the Internet Connection Wizard.If you enable this policy, the Setup button on the Connections tab in the Internet Options dialog box appears dimmed.Users will also be prevented from running the wizard by clicking the Connect to the Internet icon on the desktop or by clicking Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard.If you disable this policy or do not configure it, users can change their connection settings by running the Internet Connection Wizard.Note: This policy overlaps with the "Disable the Connections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop or the Start menu.
Prevents users from changing font settings.If you enable this policy, users will not be able to change font settings for viewing Web pages. All font settings visible after pressing the "Fonts" button on the General Tab in the Internet Options dialog box will be disabled.If you disable this policy or do not configure it, users can change the default fonts for viewing Web pages.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.Note: The default font settings colors are ignored in cases in which the Web page author has specified the font attributes.
This AutoComplete feature suggests possible matches when users are filling up forms.If you enable this setting, the user is not suggested matches when filling forms. The user cannot change it.If you disable this setting, the user is suggested possible matches when filling forms. The user cannot change it.If you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms.To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
This AutoComplete feature can remember and suggest User names and passwords on Forms.If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords".If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Temporary Internet Files and History Settings dialog box, from the Menu bar, on the Tools menu, click Internet Options, click the General tab, and then click Settings under Browsing history.If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users can not delete browsing history.If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing history.
The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run.If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies.If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.If you disable or do not configure this policy setting, the user can add secondary home pages.Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.If you disable or do not configure this policy setting, the user can add secondary home pages.Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.
Prevents users from changing language preference settings.If you enable this policy, users will not be able to set language preferences to read websites. Language preference settings visible after pressing the "Languages" button on the General Tab in the Internet Options dialog box will be disabled.If you disable this policy or do not configure it, users can change the language preference settings for viewing Web sites for languages in which the character set has been installed.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
Prevents users from changing the colors of links on Web pages.If you enable this policy, the color settings for links appear dimmed. The settings are located in the Links area of the dialog box that appears when users click the General tab and then click the Colors button in the Internet Options dialog box.If you disable this policy or do not configure it, users can change the default color of links on Web pages.If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.Note: The default link colors are ignored on Web pages on which the author has specified link colors.
Prevents users from changing the default programs for messaging tasks.If you enable this policy, the E-mail, Newsgroups, and Internet Call options in the Internet Programs area appear dimmed. To display these options, users open the Internet Options dialog box, and then click the Programs tab.If you disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Internet calls, if programs that perform these tasks are installed.The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting, the user cannot add websites to or remove websites from the exception list.If you disable or do not configure this policy setting, the user can add websites to or remove websites from the exception list.Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting, the user cannot add websites to or remove websites from the exception list.If you disable or do not configure this policy setting, the user can add websites to or remove websites from the exception list.Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.If you disable or do not configure this policy setting, the popup management feature will be functional.
This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.If you disable or do not configure this policy setting, the popup management feature will be functional.
Prevents users from changing Profile Assistant settings.If you enable this policy, the My Profile button appears dimmed in the Personal Information area on the Content tab in the Internet Options dialog box.If you disable this policy or do not configure it, users can change their profile information, such as their street and e-mail addresses.The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
This policy setting specifies if a user can change proxy settings.If you enable this policy setting, the user will not be able to configure proxy settings.If you disable or do not configure this policy setting, the user can configure proxy settings.
This policy setting specifies if a user can change proxy settings.If you enable this policy setting, the user will not be able to configure proxy settings.If you disable or do not configure this policy setting, the user can configure proxy settings.
Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy, the settings in the Content Advisor area on the Content tab in the Internet Options dialog box appear dimmed.If you disable this policy or do not configure it, users can change their ratings settings.The "Disable the Ratings page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents users from restoring default settings for home and search pages.If you enable this policy, the Reset Web Settings button on the Programs tab in the Internet Options dialog box appears dimmed.If you disable this policy or do not configure it, users can restore the default settings for home and search pages.The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, available by clicking Tools, Internet Options, and then Delete Browsing History in Internet Explorer.If you enable this policy setting, users will not be able to delete temporary Internet files and cookies.If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, available by clicking Tools, Internet Options, and then Delete Browsing History in Internet Explorer.If you enable this policy setting, users will not be able to delete temporary Internet files and cookies.If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting, user will not be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.If you disable this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.If you do not configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off.
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting, user will not be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.If you disable this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.If you do not configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off.
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing relevant results in the Address bar. The user cannot change this setting.If you disable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user cannot change this setting.If you do not configure this policy setting, the user can choose to turn the Use Windows Search setting on or off.Note: If you enable this policy setting, feeds do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing relevant results in the Address bar. The user cannot change this setting.If you disable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user cannot change this setting.If you do not configure this policy setting, the user can choose to turn the Use Windows Search setting on or off.Note: If you enable this policy setting, feeds do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting, URL Suggestions will be turned off. Users will not be able to turn on URL Suggestions.If you disable this policy setting, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions.If you do not configure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting, URL Suggestions will be turned off. Users will not be able to turn on URL Suggestions.If you disable this policy setting, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions.If you do not configure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy, the search functionality of the F3 key is disabled. Users cannot press F3 to search the Internet (from Internet Explorer) or to search the hard disk (from File Explorer). If the user presses F3, a prompt appears that informs the user that this feature has been disabled.If you disable this policy or do not configure it, users can press F3 to search the Internet (from Internet Explorer) or the hard disk (from File Explorer).This policy is intended for situations in which administrators do not want users to explore the Internet or the hard disk.This policy can be used in coordination with the "File Menu: Disable Open menu option" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser Menus), which prevents users from opening files by using the browser.
Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy, users cannot change their Search Assistant settings, such as setting default search engines for specific tasks.If you disable this policy or do not configure it, users can change their settings for the Search Assistant.This policy is designed to help administrators maintain consistent settings for searching across an organization.
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings.This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user.Also, see the "Security zones: Do not allow users to change policies" policy.
Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.If you disable this policy or do not configure it, users can change the settings for security zones.This policy prevents users from changing security zone settings established by the administrator.Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.Also, see the "Security zones: Use only machine settings" policy.
Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.This policy prevents users from changing site management settings for security zones established by the administrator.Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.Also, see the "Security zones: Use only machine
Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy, users will not be notified if their programs are updated using Software Distribution Channels.If you disable this policy or do not configure it, users will be notified before their programs are updated.This policy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user intervention.
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.If you disable or do not configure this policy setting, the user can configure his or her
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.If you disable or do not configure this policy setting, the user can configure his or her
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.If you do not configure this policy setting, the user can choose to participate in the CEIP.
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.If you do not configure this policy setting, the user can choose to participate in the CEIP.
This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting, the user cannot configure how new tabs are created by default. You must specify whether tabs should open in the foreground or in the background. The user cannot open the tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select.If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting, the user cannot configure how new tabs are created by default. You must specify whether tabs should open in the foreground or in the background. The user cannot open the tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select.If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
Applies proxy settings to all users of the same computer.If you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer.If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting, websites can open new Internet Explorer windows that have no status bar or Address bar.If you disable this policy setting, websites cannot open new Internet Explorer windows that have no status bar or Address bar.If you do not configure this policy setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed, because this involves external controls or media players.The dynsrc attribute on the img tag specifies an older media player. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files.If you enable this policy setting, video and animation can be played through older media players in specified zones.If you disable this policy setting, video and animation cannot be played through older media players.If you do not configure this policy setting, video and animation can be played through older media players in specified zones.
This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting, the user can run scriptlets.If you disable this policy setting, the user cannot run scriptlets.If you do not configure this policy setting, the user can enable or disable scriptlets.
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.If you enable this policy setting, the first-run prompt is turned off in the corresponding zone.If you disable this policy setting, the first-run prompt is turned on in the corresponding zone.If you do not configure this policy setting, the first-run prompt is turned off by default.
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the user's desktop may contain the user name as a part of the path.If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form.If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form.If you do not configure this policy setting, the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting, scripted windows are displayed.If you disable this policy setting, the user must choose to display any scripted windows by using the Notification bar.If you do not configure this policy setting, the user can enable or disable the Notification bar behavior.
This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting, script is allowed to update the status bar.If you disable or do not configure this policy setting, script is not allowed to update the status bar.
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting, Protected Mode is turned on. The user cannot turn off Protected Mode.If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode.If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer, for example).If you enable this policy setting and set the drop-down box to Enable, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open.If you disable this policy setting, these files do not open.If you do not configure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zones.
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in a security sandbox and take advantage of the Windows Presentation Foundation platform for the web.If you enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs.If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this behavior.If you do not configure this policy setting, the user can decide whether to load XBAPs inside Internet Explorer.
This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting, script access to the WebBrowser control is allowed.If you disable this policy setting, script access to the WebBrowser control is not allowed.If you do not configure this policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting, .NET Framework Setup is turned off. The user cannot change this behavior.If you disable this policy setting, .NET Framework Setup is turned on. The user cannot change this behavior.If you do not configure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files.If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this behavior.If you do not configure this policy setting, the user can decide whether to load XAML files inside Internet Explorer.
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms, devices, and applications.If you enable this policy setting and set the drop-down box to Enable, XPS files are automatically loaded inside Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS files.If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot change this behavior.If you do not configure this policy setting, the user can decide whether to load XPS files inside Internet Explorer.
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.If you disable this policy setting, script code on pages in the zone is prevented from running.If you do not configure this policy setting, script code on pages in the zone can run automatically.
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting, the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.If you disable this policy setting, the user does not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.If you enable this policy setting, a script can perform a clipboard operation.If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.If you disable this policy setting, a script cannot perform a clipboard operation.If you do not configure this policy setting, a script can perform a clipboard operation.
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.If you do not configure this policy setting, binary and script behaviors are available.
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.If you disable this policy setting, pop-up windows are not prevented from appearing.If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.If you disable the policy setting, signed controls cannot be downloaded.If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users cannot run unsigned controls.
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.If you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.If you enable this policy setting, files can be downloaded from the zone.If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone.
This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.If you disable this policy setting, HTML fonts are prevented from downloading.If you do not configure this policy setting, HTML fonts can be downloaded automatically.
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.If you disable this policy setting, users are prevented from installing desktop items from this zone.If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to High Safety.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to High Safety.
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
This policy setting allows you to manage settings for logon options.If you enable this policy setting, you can choose from the following logon options.Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting.If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users cannot change this setting in the Internet Options dialog.In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialog.In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users can drag content from one domain to a different d
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable, users can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change this setting.If you enable this policy setting and click Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows. Users cannot change this setting.In Internet Explorer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination are in different windows. Users can change this setting in the Internet Options dialog.In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.If you disable this policy setting, users cannot open windows and frames to access applications from different domains.If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.If you do not configure this policy setting, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.
This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.If you enable this setting, users will receive a file download dialog for automatic download attempts.If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting, controls and plug-ins can run without user intervention.If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.If you disable this policy setting, controls and plug-ins are prevented from running.If you do not configure this policy setting, controls and plug-ins can run without user intervention.
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting, script interaction can occur automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.If you disable this policy setting, script interaction is prevented from occurring.If you do not configure this policy setting, script interaction can occur automatically without user intervention.
This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting, scripts can access applets automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.If you disable this policy setting, scripts are prevented from accessing applets.If you do not configure this policy setting, scripts can access applets automatically without user intervention.
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.If you disable this policy setting, Internet Explorer will not execute signed managed components.If you do not configure this policy setting, Internet Explorer will execute signed managed components.
This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to Medium safety.
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting, the XSS Filter is turned on for sites in this zone, and the XSS Filter attempts to block cross-site script injections.If you disable this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.If you disable this policy setting, Internet Explorer will not execute unsigned managed components.If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.If you disable this policy setting, script code on pages in the zone is prevented from running.If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, Java applets are disabled.
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting, controls and plug-ins can run without user intervention.If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.If you disable this policy setting, controls and plug-ins are prevented from running.If you do not configure this policy setting, controls and plug-ins are prevented from running.
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.If you disable this policy setting, Internet Explorer will not execute signed managed components.If you do not configure this policy setting, Internet Explorer will not execute signed managed components.
This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to Low safety.
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.If you disable this policy setting, Internet Explorer will not execute unsigned managed components.If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer, he or she may be prompted to approve the control. This policy setting determines whether the user is prompted.If you enable this policy setting, the first-run prompt is turned off in the corresponding zone.If you disable this policy setting, the first-run prompt is turned on in the corresponding zone.If you do not configure this policy setting, the first-run prompt is turned on by default.
This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting, script is allowed to update the status bar.If you disable or do not configure this policy setting, script is allowed to update the status bar.
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.If you disable this policy setting, pop-up windows are not prevented from appearing.If you do not configure this policy setting, pop-up windows are not prevented from appearing.
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting, you can control whether or not Internet Explorer renders legacy filters by selecting Enable, or Disable, under Options in Group Policy Editor.If you disable, or do not configure this policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to Medium Safety.
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.
This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.If you enable this setting, users will receive a file download dialog for automatic download attempts.If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.If you disable the policy setting, signed controls cannot be downloaded.If you do not configure this policy setting, users can download signed controls without user intervention.
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users can run unsigned controls without user intervention.
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users can run unsigned controls without user intervention.
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.If you disable this policy setting, users are prevented from installing desktop items from this zone.If you do not configure this policy setting, users can install desktop items from this zone automatically.
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.
This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.If you disable this policy setting, script code on pages in the zone is prevented from running.If you do not configure this policy setting, script code on pages in the zone is prevented from running.
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.If you enable this policy setting, a script can perform a clipboard operation.If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.If you disable this policy setting, a script cannot perform a clipboard operation.If you do not configure this policy setting, a script cannot perform a clipboard operation.
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.If you disable the policy setting, signed controls cannot be downloaded.If you do not configure this policy setting, signed controls cannot be downloaded.
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.If you enable this policy setting, files can be downloaded from the zone.If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are prevented from being downloaded from the zone.
This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.If you disable this policy setting, HTML fonts are prevented from downloading.If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.If you disable this policy setting, users are prevented from installing desktop items from this zone.If you do not configure this policy setting, users are prevented from installing desktop items from this zone.
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting, script interaction can occur automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.If you disable this policy setting, script interaction is prevented from occurring.If you do not configure this policy setting, script interaction is prevented from occurring.
This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting, scripts can access applets automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.If you disable this policy setting, scripts are prevented from accessing applets.If you do not configure this policy setting, scripts are prevented from accessing applets.
This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to High safety.
This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to High safety.
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.If you enable this policy setting, the certificate address mismatch warning always appears.If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites that present certificates issued for a different website address. This warning helps prevent spoofing attacks.If you enable this policy setting, the certificate address mismatch warning always appears.If you disable or do not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced page in the Internet Control panel).
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.If you disable this template policy setting, no security level is configured.If you do not configure this template policy setting, no security level is configured.Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Poli
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone.If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there).If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone.If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there).If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting, all network paths are mapped into the Intranet Zone.If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting, all network paths are mapped into the Intranet Zone.If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone a
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone a
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting, automatic detection of the intranet is turned on, and intranet mapping rules are applied automatically if the computer belongs to a domain.If you disable this policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured.If this policy setting is not configured, the user can choose whether or not to automatically detect the intranet through the intranet settings dialog in Control Panel.
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting, automatic detection of the intranet is turned on, and intranet mapping rules are applied automatically if the computer belongs to a domain.If you disable this policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured.If this policy setting is not configured, the user can choose whether or not to automatically detect the intranet through the intranet settings dialog in Control Panel.
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings, if they require them.If you enable this policy setting, a Notification bar notification appears whenever the user browses to a page that loads content from an intranet site.If you disable this policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as though it is in the Internet zone.If this policy setting is not configured, a Notification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user turns off the Notification bar.
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings, if they require them.If you enable this policy setting, a Notification bar notification appears whenever the user browses to a page that loads content from an intranet site.If you disable this policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as though it is in the Internet zone.If this policy setting is not configured, a Notification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user turns off the Notification bar.
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users are queried to choose whether to allow the unsigned control to run.
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users are queried to choose whether to allow the unsigned control to run.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to Low Safety.
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to Low Safety.
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting, the user cannot specify the hover color. You must specify the hover color (for example: 192,192,192).If you disable or do not configure this policy setting, the user can specify the hover color.
This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.If you enable this policy setting, the user cannot specify the color of links not yet clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).If you disable or do not configure this policy setting, the user can specify the color of links not yet clicked.
This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.If you enable this policy setting, the user cannot specify the color of links already clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).If you disable or do not configure this policy setting, the user can specify the color of links already clicked.
This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting, the hover color option is turned on. The user cannot turn it off.If you disable this policy setting, the hover color option is turned off. The user cannot turn it on.If you do not configure this policy setting, the user can turn on or turn off the hover color option.
Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy, the Close command on the File menu will appear dimmed.If you disable this policy or do not configure it, users are not prevented from closing the browser or File Explorer.Note: The Close button in the top right corner of the program will not work; if users click the Close button, they will be informed that the command is not available.
Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy, the Save As command on the File menu will be removed.If you disable this policy or do not configure it, users can save Web pages for later viewing.This policy takes precedence over the "File Menu: Disable Save As Web Page Complete" policy, which prevents users from saving the entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from saving the text of a Web page.Caution: If you enable this policy, users are not prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target As.
Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts, linked files, and other elements. It does not prevent users from saving the text of a Web page.If you enable this policy, the Web Page, Complete file type option will be removed from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog box, users click the File menu, and then click the Save As command.If you disable this policy or do not configure it, users can save all elements on a Web page.The "File menu: Disable Save As... menu option" policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ignored.
Prevents users from opening a new browser window from the File menu.If this policy is enabled, users cannot open a new browser window by clicking the File menu, pointing to the New menu, and then clicking Window. The user interface is not changed, but a new window will not be opened, and users will be informed that the command is not available.If you disable this policy or do not configure it, users can open a new browser window from the File menu.Caution: This policy does not prevent users from opening a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the shortcut menu to open new browser windows, you should also set the "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Menu" policy, which disables the entire shortcut menu.Note: the user will still be able to open New Tabs.
Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy, the Open dialog box will not appear when users click the Open command on the File menu. If users click the Open command, they will be notified that the command is not available.If you disable this policy or do not configure it, users can open a Web page from the browser File menu.Caution: This policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Menu" policy, which disables the entire shortcut menu.
Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy, the Send Feedback command is removed from the Help menu.If you disable this policy or do not configure it, users can fill out an Internet form to provide feedback about Microsoft products.
Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy, the For Netscape Users command is removed from the Help menu.If you disable this policy or do not configure it, users can display content about switching from Netscape by clicking the For Netscape Users command on the Help menu.Caution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Internet Explorer Help file.
Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy, the Tip of the Day command is removed from the Help menu.If you disable this policy or do not configure it, users can enable or disable the Tip of the Day, which appears at the bottom of the browser.
Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy, the Tour command is removed from the Help menu.If you disable this policy or do not configure it, users can run the tour from the Help menu.
This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8, this policy setting only applies to Internet Explorer on the desktop.If you enable this policy setting, the shortcut menu will not appear when a user right-clicks a webpage.If you disable or do not configure this policy setting, users can use the shortcut menu.
Prevents users from adding, removing, editing or viewing the list of Favorite links.The Favorites list is a way to store popular links for future use.If you enable this policy, the Favorites menu is removed from the interface, and the Favorites button on the browser toolbar appears dimmed. The Add to Favorites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable.If you disable this policy or do not configure it, users can manage their Favorites list.Note: If you enable this policy, users also cannot click Synchronize on the Tools menu (in Internet Explorer 6) to manage their favorite links that are set up for offline viewing.
Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy, users cannot point to a link, click the right mouse button, and then click the Open in New Window command.If you disable this policy or do not configure it, users can open a Web page in a new browser window by using the shortcut menu.This policy can be used in coordination with the "File menu: Disable New menu option" policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and then clicking Window.Note: When users click the Open in New Window command, the link will not open in a new window and they will be informed that the command is not available.
Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy, users cannot save a program to disk by clicking the Save This Program to Disk command while attempting to download a file. The file will not be downloaded and users will be informed that the command is not available.If you disable this policy or do not configure it, users can download programs from their browsers.
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting also allows you to manage whether users can access the Print flyout for Internet Explorer and any printers under the Devices charm.If you enable this policy setting, the Print menu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users will not see printers under the Devices charm.If you disable or do not configure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting also allows you to manage whether users can access the Print flyout for Internet Explorer and any printers under the Devices charm.If you enable this policy setting, the Print menu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users will not see printers under the Devices charm.If you disable or do not configure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy, users cannot change their Internet options, such as default home page, cache size, and connection and proxy settings, from the browser Tools menu. When users click the Internet Options command on the Tools menu, they are informed that the command is unavailable.If you disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu.Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Windows Control Panel.Also, see policies for Internet options in the \Administrative Templates\Windows Components\Internet Explorer and in \Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel folders.
Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar.If you enable this policy, the Full Screen command on the View menu will appear dimmed, and pressing F11 will not display the browser in a full screen.If you disable this policy or do not configure it, users can display the browser in a full screen.This policy is intended to prevent users from displaying the browser without toolbars, which might be confusing for some beginning users.
Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy, the Source command on the View menu will appear dimmed.If you disable this policy or do not configure it, then users can view the HTML source of Web pages from the browser View menu.Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTML source of a Web page from the shortcut menu, set the "Turn off Shortcut Menu" policy, which disables the entire shortcut menu.
This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting, automatic image resizing is turned off. The user cannot change this setting.If you disable this policy setting, automatic image resizing is turned on. The user cannot change this setting.If you do not configure this policy setting, the user can turn on or off automatic image resizing.
This policy setting specifies whether graphical images are included when pages are displayed.Sometimes, pages that contain several graphical images are displayed very slowly. If you want to display pages more quickly, you can turn off image display.If you enable this policy setting, images do not appear. The user cannot turn on image display. However, the user can still display an individual image by right-clicking the icon that represents the image and then clicking Show Picture. The "Allow the display of image download placeholders" policy setting must be disabled if this policy setting is enabled.If you disable this policy setting, images appear. The user cannot turn off image display.If you do not configure this policy setting, the user can turn on or turn off image display.
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting, Internet Explorer plays these files, if the appropriate software is installed.If you disable this policy setting, Internet Explorer does not play these files.If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting, Internet Explorer plays these files, if the appropriate software is installed.If you disable this policy setting, Internet Explorer does not play these files.If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.
This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting, placeholders appear for graphical images while the images are downloading. The user cannot change this policy setting. The "Turn off image display" policy setting must be disabled if this policy setting is enabled.If you disable this policy setting, placeholders will not appear for graphical images while the images are downloading. The user cannot change this policy setting.If you do not configure this policy setting, the user can allow or prevent the display of placeholders for graphical images while the images are downloading.
This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting, smart image dithering is turned off. The user cannot turn it on.If you disable this policy setting, smart image dithering is turned on. The user cannot turn it off.If you do not configure this policy setting, the user can turn on or turn off smart image dithering.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security zone.If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.If you disable this policy or do not configure it, you cannot set this limit.Note: This setting does not appear in the user interface.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security zone.If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.If you disable this policy or do not configure it, you cannot set this limit.Note: This setting does not appear in the user interface.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zone.If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.If you disable this policy or do not configure it, you cannot set this limit.Note: This setting does not appear in the user interface.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.If you disable this policy or do not configure it, you cannot set this limit.Note: This setting does not appear in the user interface.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security zone.If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.If you disable this policy or do not configure it, you cannot set this limit.Note: This setting does not appear in the user interface.
This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing, depending on the capabilities of the printer.If you enable this policy setting, the printing of background colors and images is turned on. The user cannot turn it off.If you disable this policy setting, the printing of background colors and images is turned off. The user cannot turn it on.If you do not configure this policy setting, the user can turn on or turn off the printing of background colors and images.
This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off.If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background.
This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting, the ability to synchronize feeds and Web Slices in the background is turned off.If you disable or do not configure this policy setting, the user can synchronize feeds and Web Slices in the background.
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting, the menu command to subscribe to a feed and the menu command to delete a feed are disabled, and access to Web Slices is turned off. A developer cannot add a feed or Web Slice or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders.If you disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or Web Slice by using the Feed APIs.
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting, the menu command to subscribe to a feed and the menu command to delete a feed are disabled, and access to Web Slices is turned off. A developer cannot add a feed or Web Slice or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders.If you disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or Web Slice by using the Feed APIs.
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting, the user does not receive a notification on the toolbar that a feed or Web Slice is available.If you disable or do not configure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting, the user does not receive a notification on the toolbar that a feed or Web Slice is available.If you disable or do not configure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting, the user cannot access the feed list in the Favorites Center.If you disable or do not configure this policy setting, the user can access the feed list in the Favorites Center.
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting, the user cannot access the feed list in the Favorites Center.If you disable or do not configure this policy setting, the user can access the feed list in the Favorites Center.
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting, the Windows RSS Platform authenticates feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.A developer cannot change this policy setting through the Feed APIs.
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting, the Windows RSS Platform authenticates feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection.A developer cannot change this policy setting through the Feed APIs.
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete, copy, or paste).If you enable this policy setting, the user is not prompted when a script that is running in any process on the computer performs a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled.If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attempts to perform a Clipboard operation.If you do not configure this policy setting, current values of the URL action for the application or process on the computer prevail.
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete, copy, or paste).If you enable this policy setting, the user is not prompted when a script that is running in any process on the computer performs a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled.If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attempts to perform a Clipboard operation.If you do not configure this policy setting, current values of the URL action for the application or process on the computer prevail.
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation (delete, copy, or paste) and the URL action for the zone is set to prompt.If you enable this policy setting, the user is not prompted when a script that is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is currently set to prompt, it will be bypassed and enabled.If you disable this policy setting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation.If you do not configure this policy setting, current values of the URL action for the Internet Explorer process prevail.
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation (delete, copy, or paste) and the URL action for the zone is set to prompt.If you enable this policy setting, the user is not prompted when a script that is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is currently set to prompt, it will be bypassed and enabled.If you disable this policy setting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation.If you do not configure this policy setting, current values of the URL action for the Internet Explorer process prevail.
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user.Note: Do not enter the Internet Explorer processes in this list. To enable or disable Internet Explorer processes, use the "Bypass prompting for Clipboard access for scripts running in the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting.If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or 1, the policy setting is ignored.If you enable this policy setting for an application or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior is currently set to prompt, it
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user.Note: Do not enter the Internet Explorer processes in this list. To enable or disable Internet Explorer processes, use the "Bypass prompting for Clipboard access for scripts running in the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting.If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or 1, the policy setting is ignored.If you enable this policy setting for an application or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior is currently set to prompt, it
This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting, you must specify which of the following actions applies to searches on the Address bar. The user cannot change the specified action. Do not search from the Address bar: The user cannot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed in the main window.If you disable or do not configure this policy setting, the user can specify what action applies to searches on the Address bar.
This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting, you must specify which of the following actions applies to searches on the Address bar. The user cannot change the specified action. Do not search from the Address bar: The user cannot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed in the main window.If you disable or do not configure this policy setting, the user can specify what action applies to searches on the Address bar.
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar, a list of search results from the selected search provider is displayed in the main window. Enable top result search: When a user performs a search in the Address bar, the user is directed to an external top result website determined by the search provider, if available.If you enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-results webpage in the main window.If you disable or do not configure this policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar, a list of search results from the selected search provider is displayed in the main window. Enable top result search: When a user performs a search in the Address bar, the user is directed to an external top result website determined by the search provider, if available.If you enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-results webpage in the main window.If you disable or do not configure this policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.
This policy setting allows the user to run natively implemented, scriptable XMLHTTP.If you enable this policy setting, the user can run natively implemented, scriptable XMLHTTP.If you disable this policy setting, the user cannot run natively implemented, scriptable XMLHTTP.If you do not configure this policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
This policy setting allows the user to run natively implemented, scriptable XMLHTTP.If you enable this policy setting, the user can run natively implemented, scriptable XMLHTTP.If you disable this policy setting, the user cannot run natively implemented, scriptable XMLHTTP.If you do not configure this policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a failed URL.If you disable this policy setting, Data URI support is turned on.If you do not configure this policy setting, Data URI support can be turned on or off through the registry.
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a failed URL.If you disable this policy setting, Data URI support is turned on.If you do not configure this policy setting, Data URI support can be turned on or off through the registry.
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista with SP1, and Windows XP with SP3.If you enable this policy setting, Internet Explorer does not turn on Data Execution Prevention on platforms that support the SetProcessDEPPolicy function.If you disable or do not configure this policy setting, Internet Explorer uses the SetProcessDEPPolicy function to turn on Data Execution Prevention on platforms that support the function.This policy setting has no effect if Windows has been configured to enable Data Execution Prevention.
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button, the current password value is visible until the mouse button is released (or until the tap ends).If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be able to depend on the reveal password button being displayed in any web form or web application.If you disable or do not configure this policy setting, the reveal password button can be shown by the application as a user types in a password. The reveal password button is visible by default.On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will override this policy setting.
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button, the current password value is visible until the mouse button is released (or until the tap ends).If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be able to depend on the reveal password button being displayed in any web form or web application.If you disable or do not configure this policy setting, the reveal password button can be shown by the application as a user types in a password. The reveal password button is visible by default.On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will override this policy setting.
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting, Internet Explorer uses the connection limit of your choice for HTTP 1.1.If you disable or do not configure this policy setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host).In versions of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting, Internet Explorer uses the connection limit of your choice for HTTP 1.1.If you disable or do not configure this policy setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host).In versions of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting, Internet Explorer will use the default connection limit for HTTP 1.0 (6 connections per host).In versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting, Internet Explorer will use the default connection limit for HTTP 1.0 (6 connections per host).In versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting, documents cannot request data across third-party domains embedded in the page.If you disable or do not configure this policy setting, documents can request data across third-party domains embedded in the page.
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting, documents cannot request data across third-party domains embedded in the page.If you disable or do not configure this policy setting, documents can request data across third-party domains embedded in the page.
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8, and it does not prevent a site from requesting cross-domain data through a server.If you enable this policy setting, websites cannot request data across domains by using the XDomainRequest object.If you disable or do not configure this policy setting, websites can request data across domains by using the XDomainRequest object.
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8, and it does not prevent a site from requesting cross-domain data through a server.If you enable this policy setting, websites cannot request data across domains by using the XDomainRequest object.If you disable or do not configure this policy setting, websites can request data across domains by using the XDomainRequest object.
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server.If you enable this policy setting, websites cannot request data across domains by using the WebSocket object.If you disable or do not configure this policy setting, websites can request data across domains by using the WebSocket object. By default, the WebSocket object is enabled.
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server.If you enable this policy setting, websites cannot request data across domains by using the WebSocket object.If you disable or do not configure this policy setting, websites can request data across domains by using the WebSocket object. By default, the WebSocket object is enabled.
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting, Internet Explorer uses the WebSocket connection limit that you set with this policy setting.If you disable or do not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting, Internet Explorer uses the WebSocket connection limit that you set with this policy setting.If you disable or do not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting, Internet Explorer is started automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.If you disable this policy setting, Internet Explorer is not started automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.If you do not configure this policy setting, the user can decide whether to start Internet Explorer automatically to complete the signup process after the branding is complete for ISPs (IEAK).
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar, the user is prompted to update or disable the toolbar. Specific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check.If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice.If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings do not undergo these checks.
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar, the user is prompted to update or disable the toolbar. Specific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check.If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice.If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings do not undergo these checks.
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting, the user cannot access Developer Tools.If you disable or do not configure this policy setting, the user can access Developer Tools.
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting, the user cannot access Developer Tools.If you disable or do not configure this policy setting, the user can access Developer Tools.
Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy, the list of toolbars, which users can display by clicking the View menu and then pointing to the Toolbars command, will appear dimmed.If you disable this policy or do not configure it, users can determine which toolbars are displayed in File Explorer and Internet Explorer.This policy can be used in coordination with the "Disable customizing browser toolbar buttons" policy, which prevents users from adding or removing toolbars from Internet Explorer.
Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy, the Customize option will be removed from the menu.If you disable this policy or do not configure it, users can customize which buttons appear on the Internet Explorer and File Explorer toolbars.This policy can be used in coordination with the "Disable customizing browser toolbars" policy, which prevents users from determining which toolbars are displayed in Internet Explorer and File Explorer.
Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer.If you enable this policy, you can specify whether or not each button will be displayed by selecting or clearing the check boxes for each button.If you disable this policy or do not configure it, the standard toolbar will be displayed with its default settings, unless users customize it.
This policy setting allows you to show or hide the Command bar.If you enable this policy setting, the Command bar is hidden and the user cannot choose to show it.If you disable this policy setting, the Command bar is shown and the user cannot choose to hide it.If you do not configure this policy setting, the Command bar is shown by default, and the user can choose to hide it.
This policy setting allows you to show or hide the Command bar.If you enable this policy setting, the Command bar is hidden and the user cannot choose to show it.If you disable this policy setting, the Command bar is shown and the user cannot choose to hide it.If you do not configure this policy setting, the Command bar is shown by default, and the user can choose to hide it.
This policy setting allows you to show or hide the status bar.If you enable this policy setting, the status bar is hidden and the user cannot choose to show it.If you disable this policy setting, the status bar is shown and the user cannot choose to hide it.If you do not configure this policy setting, the status bar is shown by default, and the user can choose to hide it.
This policy setting allows you to show or hide the status bar.If you enable this policy setting, the status bar is hidden and the user cannot choose to show it.If you disable this policy setting, the status bar is shown and the user cannot choose to hide it.If you do not configure this policy setting, the status bar is shown by default, and the user can choose to hide it.
This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting, the toolbars are locked and the user cannot move them.If you disable this policy setting, the toolbars are unlocked and the user can move them.If you do not configure this policy setting, the toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting, the toolbars are locked and the user cannot move them.If you disable this policy setting, the toolbars are unlocked and the user can move them.If you do not configure this policy setting, the toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting, the Stop and Refresh buttons are next to the Forward and Back buttons, and the user cannot move them.If you disable this policy setting, the Stop and Refresh buttons are next to the Address bar, and the user cannot move them.If you do not configure this policy setting, the Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting, the Stop and Refresh buttons are next to the Forward and Back buttons, and the user cannot move them.If you disable this policy setting, the Stop and Refresh buttons are next to the Address bar, and the user cannot move them.If you do not configure this policy setting, the Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective text, or show only icons.If you enable this policy setting, command buttons are displayed according to which one of the following options you choose, and the user cannot change how command buttons are displayed:Show all text labels: All command buttons have only text.Show selective text: Some command buttons have only text; some have icons and text.Show only icons: All command buttons have only icons.If you disable or do not configure this policy setting, the command buttons show selective text by default, and the user can change this.
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective text, or show only icons.If you enable this policy setting, command buttons are displayed according to which one of the following options you choose, and the user cannot change how command buttons are displayed:Show all text labels: All command buttons have only text.Show selective text: Some command buttons have only text; some have icons and text.Show only icons: All command buttons have only icons.If you disable or do not configure this policy setting, the command buttons show selective text by default, and the user can change this.
This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting, icons for command buttons are 20 x 20 pixels and cannot be made smaller (16 x 16 pixels).If you disable this policy setting, icons for command buttons are 16 x 16 pixels (the default) and cannot be made bigger (20 x 20 pixels).If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user can make them bigger (20 x 20 pixels).
This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting, icons for command buttons are 20 x 20 pixels and cannot be made smaller (16 x 16 pixels).If you disable this policy setting, icons for command buttons are 16 x 16 pixels (the default) and cannot be made bigger (20 x 20 pixels).If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user can make them bigger (20 x 20 pixels).
This policy setting allows you to manage where tabs are displayed.If you enable this policy setting, tabs are displayed on a separate row.If you disable this policy setting, tabs are not displayed on a separate row.If you do not configure this policy setting, the user can change where tabs are displayed.
This policy setting allows you to manage where tabs are displayed.If you enable this policy setting, tabs are displayed on a separate row.If you disable this policy setting, tabs are not displayed on a separate row.If you do not configure this policy setting, the user can change where tabs are displayed.
This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting, the user cannot specify the update check interval. You must specify the update check interval.If you disable or do not configure this policy setting, the user can specify the update check interval.
This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting, the user cannot change the URL that is displayed for checking updates to Internet Explorer and Internet Tools. You must specify this URL.If you disable or do not configure this policy setting, the user can change the URL that is displayed for checking updates to Internet Explorer and Internet Tools.
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before, a Notification bar will appear, asking the user for approval.If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security checks.If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before, a Notification bar will appear, asking the user for approval.If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security checks.If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis.If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting, ActiveX controls cannot be installed on a per-user basis.If you disable or do not configure this policy setting, ActiveX controls can be installed on a per-user basis.
This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls.If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.
This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting, ActiveX controls are installed only if the ActiveX Installer Service is present and has been configured to allow the installation of ActiveX controls.If you disable or do not configure this policy setting, ActiveX controls, including per-user controls, are installed through the standard installation process.
This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.If you disable this policy setting, the entry points and functionality associated with this feature are turned off.If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.If you disable this policy setting, the entry points and functionality associated with this feature are turned off.If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies, temporary Internet files, history, and other data.If you enable this policy setting, InPrivate Browsing is turned off.If you disable this policy setting, InPrivate Browsing is available for use.If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.
This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies, temporary Internet files, history, and other data.If you enable this policy setting, InPrivate Browsing is turned off.If you disable this policy setting, InPrivate Browsing is available for use.If you do not configure this policy setting, InPrivate Browsing can be turned on or off through the registry.
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default, the computer does not load them when InPrivate Browsing starts.If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session.If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session.If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default, the computer does not load them when InPrivate Browsing starts.If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session.If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session.If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content, along with data about the first-party websites that referenced it. It is collected during non-InPrivate (normal) browsing sessions.If you enable this policy setting, InPrivate Filtering data collection is turned off.If you disable this policy setting, InPrivate Filtering collection is turned on.If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on the Privacy tab in Internet Options.
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content, along with data about the first-party websites that referenced it. It is collected during non-InPrivate (normal) browsing sessions.If you enable this policy setting, InPrivate Filtering data collection is turned off.If you disable this policy setting, InPrivate Filtering collection is turned on.If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on the Privacy tab in Internet Options.
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.If you enable this policy setting, the selected value is enforced.If you disable or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then clicking InPrivate Filtering.
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.If you enable this policy setting, the selected value is enforced.If you disable or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then clicking InPrivate Filtering.
This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering data is not collected.If you disable this policy setting, InPrivate Filtering is available for use.If you do not configure this policy setting, it can be configured through the registry.
This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering data is not collected.If you disable this policy setting, InPrivate Filtering is available for use.If you do not configure this policy setting, it can be configured through the registry.
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.If you enable this policy setting, the selected value is enforced.If you disable or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and then clicking Tracking Protection.
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30.If you enable this policy setting, the selected value is enforced.If you disable or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and then clicking Tracking Protection.
This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protection data is not collected.If you disable this policy setting, Tracking Protection is available for use.If you do not configure this policy setting, it can be configured through the registry.
This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protection data is not collected.If you disable this policy setting, Tracking Protection is available for use.If you do not configure this policy setting, it can be configured through the registry.
This policy setting allows you to add non-default Accelerators.If you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.If you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.
This policy setting allows you to add non-default Accelerators.If you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.If you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.
This policy setting allows you to add default Accelerators.If you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.If you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.
This policy setting allows you to add default Accelerators.If you enable this policy setting, the specified Accelerators are added to the user's browser. The user can append other Accelerators to this list, but the user cannot remove or change the Accelerators that this policy setting has added. Default and non-default Accelerators should not overlap.If you disable or do not configure this policy setting, the user has Accelerators that are provided through first use of the browser.
This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting, users cannot access Accelerators.If you disable or do not configure this policy setting, users can access Accelerators and install new Accelerators.
This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting, users cannot access Accelerators.If you disable or do not configure this policy setting, users can access Accelerators and install new Accelerators.
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting, the user can access only Accelerators that are deployed through Group Policy. The user cannot add or delete Accelerators.If you disable or do not configure this policy setting, the user can access any Accelerators that he or she has installed.
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting, the user can access only Accelerators that are deployed through Group Policy. The user cannot add or delete Accelerators.If you disable or do not configure this policy setting, the user can access any Accelerators that he or she has installed.
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly.If you disable this policy setting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer.If you do not configure this policy setting,
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly.If you disable this policy setting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer.If you do not configure this policy setting,
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list.If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting, the user cannot use the Compatibility View button or manage the Compatibility View sites list.If you disable or do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for l
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for l
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting, the user cannot use the Compatibility View button.If you disable or do not configure this policy setting, the user can use the Compatibility View button.
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting, the user cannot use the Compatibility View button.If you disable or do not configure this policy setting, the user can use the Compatibility View button.
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.If you disable or do not configure this policy setting, the user can add and remove sites from the list.
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.If you disable or do not configure this policy setting, the user can add and remove sites from the list.
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting, the Microsoft-provided website lists are used during browser navigation. If a user visits a site on the compatibility lists, the pages are automatically displayed in Compatibility View.If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box.If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the feature by using the Compatibility View Settings dialog box.
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting, the Microsoft-provided website lists are used during browser navigation. If a user visits a site on the compatibility lists, the pages are automatically displayed in Compatibility View.If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box.If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the feature by using the Compatibility View Settings dialog box.
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar, the desktop, or File Explorer.If you enable this policy setting, users cannot pin sites.If you disable or do not configure this policy setting, users can pin sites.
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar, the desktop, or File Explorer.If you enable this policy setting, users cannot pin sites.If you disable or do not configure this policy setting, users can pin sites.
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting, you provide the cache limit, in MB.If you enable this policy setting, Internet Explorer displays a notification when a website exceeds the configured storage limit.If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application caches.
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting, you provide the cache limit, in MB.If you enable this policy setting, Internet Explorer displays a notification when a website exceeds the configured storage limit.If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application caches.
This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you disable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you do not configure this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.
This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you disable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you do not configure this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websites policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 500 MB.If you enable this policy setting, Internet Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 500 MB.
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websites policy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 500 MB.If you enable this policy setting, Internet Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 500 MB.
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete indexed databases before an updated database can be saved on their computer. The default maximum storage limit for all indexed databases is 4 GB.If you enable this policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 4 GB.
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete indexed databases before an updated database can be saved on their computer. The default maximum storage limit for all indexed databases is 4 GB.If you enable this policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases. The default is 4 GB.
This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you disable this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you do not configure this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.
This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you disable this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be unavailable to users.If you do not configure this policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their computers.
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websites policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 50 MB.If you enable this policy setting, Internet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 50 MB.
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websites policy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide the cache limit, in MB. The default is 50 MB.If you enable this policy setting, Internet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 50 MB.
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete application caches before an updated one can be saved on their computer. The default maximum storage limit for all application caches is 1 GB.If you enable this policy setting, you can set the maximum storage limit for all application caches. The default is 1 GB.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 1 GB.
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you provide the storage limit in MB. When the limit is reached, Internet Explorer notifies the user, and the user must delete application caches before an updated one can be saved on their computer. The default maximum storage limit for all application caches is 1 GB.If you enable this policy setting, you can set the maximum storage limit for all application caches. The default is 1 GB.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The default is 1 GB.
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit, it will not be automatically removed. When you set this policy setting, you provide the expiration time limit in days.If you enable this policy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expiration time limit for all application caches. The default is 30 days.
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit, it will not be automatically removed. When you set this policy setting, you provide the expiration time limit in days.If you enable this policy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expiration time limit for all application caches. The default is 30 days.
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed, including the page that referenced the manifest, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit as a number. The default is 1000 resources.If you enable this policy setting, Internet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache resource list size for all application caches. The default is 1000 resources.
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed, including the page that referenced the manifest, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit as a number. The default is 1000 resources.If you enable this policy setting, Internet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache resource list size for all application caches. The default is 1000 resources.
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB.If you enable this policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or equal to the size set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The default is 50 MB.
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size, Internet Explorer sends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB.If you enable this policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or equal to the size set in this policy setting.If you disable or do not configure this policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The default is 50 MB.
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explorer displays the home page. In Internet Explorer 10, Internet Explorer can start a new browsing session with the tabs from the last browsing session.If you enable this policy setting, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start with the home page.If you disable this policy setting, Internet Explorer starts a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session.If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this option to start with the tabs from the last session.
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explorer displays the home page. In Internet Explorer 10, Internet Explorer can start a new browsing session with the tabs from the last browsing session.If you enable this policy setting, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start with the home page.If you disable this policy setting, Internet Explorer starts a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session.If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this option to start with the tabs from the last session.
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting, Internet Explorer opens tiles only on the desktop.If you disable this policy setting, Internet Explorer does not open tiles on the desktop.If you do not configure this policy, users can choose how Internet Explorer tiles are opened.
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting, Internet Explorer opens tiles only on the desktop.If you disable this policy setting, Internet Explorer does not open tiles on the desktop.If you do not configure this policy, users can choose how Internet Explorer tiles are opened.
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Internet Explorer, or always in Internet Explorer on the desktop.If you enable this policy setting, Internet Explorer enforces your choice. Users cannot change the setting.If you disable or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Internet Explorer, or always in Internet Explorer on the desktop.If you enable this policy setting, Internet Explorer enforces your choice. Users cannot change the setting.If you disable or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting, automatic upgrade of Internet Explorer will be turned on.If you disable this policy setting, automatic upgrade of Internet Explorer will be turned off.If you do not configure this policy, users can turn on or turn off automatic updates from the About Internet Explorer dialog.
Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy, users cannot start the handwriting recognition error reporting tool or send error reports to Microsoft.If you disable this policy, Tablet PC users can report handwriting recognition errors to Microsoft.If you do not configure this policy Tablet PC users can report handwriting recognition errors to Microsoft.
Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy, users cannot start the handwriting recognition error reporting tool or send error reports to Microsoft.If you disable this policy, Tablet PC users can report handwriting recognition errors to Microsoft.If you do not configure this policy Tablet PC users can report handwriting recognition errors to Microsoft.
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.
This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting, the domain controller provides the information message about previous logons.For Windows Logon to leverage this feature, the "Display information about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also needs to be enabled.If you disable or do not configure this policy setting, the domain controller does not provide information about previous logons unless the "Display information about previous logons during user logon" policy setting is enabled.Note: Information about previous logons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information about previous logons, and enabling this policy setting does not affect anyt
This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.If you disable or do not configure this policy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not found, NTLM authentication might be used.To ensure consistent behavior, this policy setting must be supported and set identically on all domain controllers in the domain.
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication or armoring.If you configure the "Not supported" option, the domain controller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.Note: For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support
This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm.If you enable this policy setting, you can view and change the list of DNS host names and DNS suffixes mapped to a Kerberos realm as defined by Group Policy. To view the list of mappings, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted.If you do not configure this policy setting, the system uses the host
This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting. If you enable this policy setting, you can view and change the list of interoperable Kerberos V5 realms and their settings. To view the list of interoperable Kerberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.If you disable this policy setting, the interoperable Kerberos V5 rea
This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to a
This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 or later attempt to use Kerberos by generating an SPN. If you enable this policy setting, only services running as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or NetworkService might fail to authenticate.If you disable or do not configure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.If you enable this policy setting, the Kerberos client will use the KDC proxy server for a domain when a domain controller cannot be located based on the configured mappings. To map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters.If you disable or do not configure this policy setting, t
This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections. Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid. If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.
This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring. If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
This policy setting controls configuring the device's Active Directory account for compound authentication.Support for providing compound authentication which is used for access control will require enough domain controllers in the resource account domains to support the requests. The Domain Administrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this policy.If you enable this policy setting, the device's Active Directory account will be configured for compound authentication by the following options:Never: Compound authentication is never provided for this computer account.Automatic: Compound authentication is provided for this computer account when one or more applications are configured for Dynamic Access Control.Always: Compound authentication is always provided for this computer account.If you disable this policy setting, Never will be used.If you do not configure this policy setting, Automatic will be used.
This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size. The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value. Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 by
This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features. If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.Policy configurationSelect one of the following:- Not Configured. With this selection, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual servers where you want to enable BranchCache.- Enabled. With this selection, hash publication is turned on for all file servers where
This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled. If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V2 hash generation and retrieval are supported.- Enabled. With this selection, the policy setting is applied and the hash version(s) that are specified in "
This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems.If you enable or do not configure this policy setting, the DPS enables Windows Memory Leak Diagnosis by default.If you disable this policy setting, the DPS is not able to diagnose memory leak problems.This policy setting takes effect only under the following conditions: -- If the diagnostics-wide scenario execution policy is not configured. -- When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.Note: The DPS can be configured with the Services snap-in to the Microsoft Management Console.No operating system restart or service restart is required for this policy to take effect. Changes take effect immediately.
This policy setting changes the operational behavior of the Mapper I/O network protocol driver.LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis.If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.
This policy setting changes the operational behavior of the Responder network protocol driver.The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.If you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.If you disable or do not configure this policy setting, the default behavior for the Responder will apply.
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting.Also, see the ""Do not process the run once list
This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and services that the system starts.If you enable this policy setting, the system ignores the run list for Windows Vista, Windows XP Professional, and Windows 2000 Professional.If you disable or do not configure this policy setting, Windows Vista adds any customized run list configured to its run list.This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting.Also, see the ""Do not process the run once list
This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting, the system ignores the run-once list.If you disable or do not configure this policy setting, the system runs the programs in the run-once list.This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.Note: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce.Also, see the ""Do not process the legacy run list"" policy setting.
This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting, the system ignores the run-once list.If you disable or do not configure this policy setting, the system runs the programs in the run-once list.This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.Note: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce.Also, see the ""Do not process the legacy run list"" policy setting.
This policy setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain.If you enable this policy setting, the classic log on screen is presented to the user at logon, rather than the simple logon screen.If you disable or do not configure this policy setting, computers in a workgroup will present the simple logon screen to the user at logon.
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.Users can still display the welcome screen by selecting it on the Start menu or by typing ""Welcome"" in the Run dialog box.If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.This setting applies only to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000 Server.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click ""Getting Started."" To
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration set
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting, you can specify which programs can run at the time the user logs on to this computer that has this policy applied.To specify values for this policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file.If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs specified in the User Configuration set
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon). By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to
This policy setting suppresses system status messages.If you enable this setting, the system does not display a message reminding users to wait while their system starts or shuts down, or while users log on or off.If you disable or do not configure this policy setting, the system displays the message reminding users to wait while their system starts or shuts down, or while users log on or off.
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting, the welcome screen is hidden from the user logging on to a computer where this policy is applied.Users can still display the welcome screen by selecting it on the Start menu or by typing ""Welcome"" in the Run dialog box.If you disable or do not configure this policy, the welcome screen is displayed each time a user logs on to the computer.This setting applies only to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000 Server.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point to System Tools, and then click ""Getting Started."" To
This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or logging off the system.If you disable or do not configure this policy setting, only the default status messages are displayed to the user during these processes.Note: This policy setting is ignored if the ""Remove Boot/Shutdown/Logon/Logoff status messages"" policy setting is enabled.
This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager.If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager.If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.
This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup, and can be turned on or off in the Sound item of Control Panel.Enabling or disabling this setting automatically prevents users from customizing the default behavior of the Windows Startup sound.If you enable this policy setting, the Windows Startup sound is turned off for all users.If you disable this policy setting, the Windows Startup sound is turned on for all users.If you do not configure this policy setting, the Windows Startup sound is turned on for all users by default and is customizable in the Sound item of Control Panel.This policy setting does not prevent users from setting preferences for other system sounds.
This policy setting allows you to control whether users see the first sign-in animation when signing in to the PC for the first time.If you enable this policy setting, users will see the animation.If you disable this policy setting, users will not see the animation.If you don't configure this policy setting, users will see the animation when completing Windows OOBE. If the user had already completed OOBE and this policy setting is not configured, new users will not see the animation. Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.
This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting, the logon screen always attempts to load a custom background instead of the Windows-branded logon background. If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.
This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers.If you disable or do not configure this policy setting, connected users will be enumerated on domain-joined computers.
This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joined computers.
This policy setting allows you to prevent app notifications from appearing on the lock screen.If you enable this policy setting, no app notifications are displayed on the lock screen.If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos, and to view and record live television.If you enable this policy setting, Windows Media Center will not run.If you disable or do not configure this policy setting, Windows Media Center can be run.
This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos, and to view and record live television.If you enable this policy setting, Windows Media Center will not run.If you disable or do not configure this policy setting, Windows Media Center can be run.
Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.As a result, users cannot create console files or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.This setting permits users to open MMC user-mode console files, such as those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt.If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins. To explicitly permit a snap-in, open the Restricted/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited.-- If you disable this setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use of most snap-ins. To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted.When a snap-in is prohibited, it does not appear in the Add/Remove
Permits or prohibits use of this snap-in.If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or disabled), this snap-in is prohibited.-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited. -- If the policy
Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.If this setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed.-- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the Group Policy tab is inaccessible.-- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or not
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console. If you disable this policy setting, the snap-in is prohibited and cannot be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited.-- If the policy se
This policy setting turns off Windows Mobility Center.If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.If you do not configure this policy setting, Windows Mobility Center is on by default.
This policy setting turns off Windows Mobility Center.If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.If you do not configure this policy setting, Windows Mobility Center is on by default.
This policy setting turns off Windows presentation settings.If you enable this policy setting, Windows presentation settings cannot be invoked.If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.Note: Users will be able to customize their system settings for presentations in Windows Mobility Center.If you do not configure this policy setting, Windows presentation settings can be invoked.
This policy setting turns off Windows presentation settings.If you enable this policy setting, Windows presentation settings cannot be invoked.If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.Note: Users will be able to customize their system settings for presentations in Windows Mobility Center.If you do not configure this policy setting, Windows presentation settings can be invoked.
This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting, this will override the default daily scheduled time as specified in Action Center/Automatic Maintenance Control Panel. If you disable or do not configure this policy setting, the daily scheduled time as specified in Action Center/Automatic Maintenance Control Panel will apply.
This policy setting allows you to configure Automatic Maintenance activation random delay. The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its Activation Boundary. This settings is useful for Virtual Machines where the randomizing maintenance may be a performance requirement. If you enable this policy setting, Automatic Maintenance will delay starting from its Activation Boundary, by upto this time. If you disable or do not configure this policy setting, 30 minute random delay will be applied to Automatic Maintenance starting on virtual machines and none otherwise.
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. If you disable or do not configure this policy setting, the wake setting as specified in Action Center/Automatic Maintenance Control Panel will apply.
This policy setting determines the execution level for Microsoft Support Diagnostic Tool.Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.If you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.If you disable this policy setting, MSDT cannot gather diagnostic data.If you do not configure this policy setting, MSDT is turned on by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. For some problems, MSDT may prompt the user to download additional tools for troubleshooting.These tools are required to completely troubleshoot the problem. If tool download is restricted, it may not be possible to find the root cause of the problem.If you enable this policy setting for remote troubleshooting, MSDT prompts the user to download additional tools to diagnose problems on remote computers only. If you enable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading.If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers.If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools.No reboots or service restarts are required for this policy se
This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.By default, the support provider is set to Microsoft Corporation.If you disable this policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider.If you do not configure this policy setting, MSDT support mode is enabled by default.No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog box when application reinstallation is required. This is the default recovery behavior on Windows client.Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.Troubleshooting Only: Detection and verification of file corruption will be performed without UI. Recovery is not attempted.If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Tro
This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting, the Browse button in the "Use feature from" dialog box is enabled. As a result, users can search for installation files even when the installation program is running with elevated system privileges.Because the installation is running with elevated system privileges, users can browse through directories that their own permissions would not allow.This policy setting does not affect installations that run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting.If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting, all users are permitted to install programs from removable media, such as floppy disks and CD-ROMs, even when the installation program is running with elevated system privileges.This policy setting does not affect installations that run in the user's security context. By default, users can install from removable media when the installation runs in their own security context.If you disable or do not configure this policy setting, by default, users can install programs from removable media only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media.Also, see the "Prevent removable media source for any install" policy setting.
This policy setting allows users to patch elevated products.If you enable this policy setting, all users are permitted to install patches, even when the installation program is running with elevated system privileges. Patches are updates or upgrades that replace only those program files that have changed. Because patches can easily be vehicles for malicious programs, some installations prohibit their use.If you disable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.This policy setting does not affect installations that run in the user's security context. By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.Caution: Skilled users can take advantage o
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.If you disable or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administrator does not distribute or offer.Note: This policy setting appears both in the Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders.Caution: Skilled users can take advantage o
This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting, you can use the options in the Prohibit Use of Restart Manager box to control file in use detection behavior.-- The "Restart Manager On" option instructs Windows Installer to use Restart Manager to detect files in use and mitigate a system restart, when possible.-- The "Restart Manager Off" option turns off Restart Manager for file in use detection and the legacy file in use behavior is used.-- The "Restart Manager Off for Legacy App Setup" option applies to packages that were created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still using Restart Manager for detection.If you disable or do not configure this policy setting, Windows Installer will use Restart Manager to detect files
This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting, the Browse button beside the "Use feature from" list in the Windows Installer dialog box is disabled. As a result, users must select an installation file source from the "Use features from" list that the system administrator configures. This policy setting applies even when the installation is running in the user's security context. If you disable or do not configure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. This policy setting affects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations
This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting, all Patch Optimization options are turned off during the installation.If you disable or do not configure this policy setting, it enables faster application of patches by removing execution of unnecessary actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied using a minimal set of processing.
This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting, you can use the options in the Disable logging via package settings box to control automatic logging via package settings behavior.-- The "Logging via package settings on" option instructs Windows Installer to automatically generate log files for packages that include the MsiLogging property.-- The "Logging via package settings off" option turns off the automatic logging behavior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging policy.If you disable or do not configure this policy setting, Windows Installer will automatically generate log files for those packages that include the MsiLogging property.
This policy setting prevents users from installing any programs from removable media.If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.This policy setting applies even when the installation is running in the user's security context.If you disable or do not configure this policy setting, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs.Also, see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy settings.
This policy setting restricts the use of Windows Installer.If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and Windows Vista when the policy is not configured.-- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured.-- The "Always" option indicates that Windows Installer is disabled.This policy setting affec
This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting, users are prevented from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installations prohibit their use.Note: This policy setting applies only to installations that run in the user's security context.If you disable or do not configure this policy setting, by default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as those offered on the desktop or in Add or Remove Programs.Also, see the "Enable user to patch elevated products" policy setting.
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.This policy setting appears in the Computer Configuration and User Configuration folders. If
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting, Windows Installer is prevented from recording the original state of the system and sequence of changes it makes during installation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the computer to its original state if the installation does not complete.This policy setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not use this policy setting unless it is essential.This policy setting appears in the Computer Configuration and User Configuration folders. If
This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a security violation.If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing installation options typically reserved for system administrators, such as specifying the directory to which files are installed.If Windows Installer detects that an installation package has permitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when the installation program is running in a privileged security context in which it has access to directories denied to the user.This policy setting is designed for less restrictive environments. It can be used to circumvent errors in an installat
This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applications.If you disable or do not configure this policy setting, users without administrative privileges can install non-administrator updates.
This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting, updates cannot be removed from the computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product.If you disable or do not configure this policy setting, a user can remove an update from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machine context."
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files.If you enable this policy setting, the Windows Installer does not generate System Restore checkpoints when installing applications.If you disable or do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the application.
This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down list to select the behavior you want.If you do not configure this policy setting, or if the policy setting is enabled and "Allow User Installs" is selected, the installer allows and makes use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an application, this hides a per-computer installation of that same product.If you enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in their user profile.
This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting, strict upgrade rules will be enforced by the Windows Installer which may cause some upgrades to fail. Upgrades can fail if they attempt to do one of the following:(1) Remove a component from a feature.This can also occur if you change the GUID of a component. The component identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component.(2) Add a new feature to the top or middle of an existing feature tree.The new feature must be added as a new leaf feature to an existing feature tree.If you disable or do not configure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.
This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be deleted when the product is removed. If you set the baseline cache to 100, the Windows Installer will use available free space for the baseline file cache. If you disable or do not configure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.
Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume. When you enable this policy setting, you can specify the types of events you want Windows Installer to record. To indicate that an event type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event types as you want. To disable logging, delete all of the letters from the box. If you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation.If you enable this policy setting, the warning is suppressed and allows the installation to proceed.This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.
This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting, by default, the Windows Installer searches the network first, then removable media (floppy drive, CD-ROM, or DVD), and finally, the Internet (URL).If you enable this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want Windows Installer to search:-- "n" represents the network;-- "m" represents media;-- "u" represents URL, or the Internet.To exclude a file source, omit or delete the letter representing that source type.
This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting, the transform file is saved in a secure location on the user's computer.If you do not configure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the original or identical media to reinstall, remove, or repair the installation.This policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files.If you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile.If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vista, when a user reinstalls, rem
This policy setting controls the ability to turn off shared components.If you enable this policy setting, no packages on the system get the shared component functionality enabled by the msidbComponentAttributesShared attribute in the Component Table.If you disable or do not configure this policy setting, by default, the shared component functionality is allowed.
This policy setting controls the ability to prevent embedded UI.If you enable this policy setting, no packages on the system can run embedded UI.If you disable or do not configure this policy setting, embedded UI is allowed to run.
This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting, NAP allows the Windows XP version of the 802.1x Wireless Enforcement Client to participate. If you disable or do not configure this policy setting, the Windows XP version of the 802.1x Wireless Enforcement Client cannot participate in NAP.
Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.
Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify Contoso Intranet Access for the DirectAccess clients of the Contoso Corporation.If this setting is not configured, the string that appears for DirectAccess connectivity is Corporate Connection.
Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured, the entry for DirectAccess connectivity appears.
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.The ability to disconnect allows users to specify single-label, unqualified names (such as PRINTSVR) for local resources when connected to a different intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAccess client computer is connected to its own intranet.To
Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default.
Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING: followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1. Note We recommend that you use FQDNs instead of IPv6 addresses wherever possible.Important At least one of the entries must be a PING: resource.-A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do not matter. The syntax is HTTP: followed by a URL. The host portion of the URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/.-A Universal Naming Convention (UNC) p
Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel. Each entry consists of the text PING: followed by the IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1.You must configure this setting to have complete NCA functionality.
Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior.
This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password.If you disable this policy setting, the DCs will not attempt to verify any passwords with the PDC emulator. If you do not configure this policy setting, it is not applied to any DCs.
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.Warning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may be excessive.
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached.The default value for this setting is 60 minutes (60*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.If the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting, the Initial DC Discovery Retry Setting is used.Warning: If the value for this setting is too large, a client may take very long periods to try to find a DC.If the value for this setting is too small and the DC is not available, the frequent retries may produce excessive network traffic.
This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.Warning: If the value for this setting is too small, a client will stop trying to find a DC too soon.
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged.If you enable this policy setting and specify a non-zero value, debug information will be logged to the file. Higher values result in more verbose logging; the value of 536936447 is commonly used as an optimal setting.If you specify zero for this policy setting, the default behavior occurs as described above.If you disable this policy setting or do not configure it, the default behavior occurs as described above.
This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).If you do not confihgure this policy setting, it is not applied to any computers, and computers use their local configuration.
This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.If you disable or do not configure this policy setting, the default behavior occurs as indicated above.
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.Warning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when none are available.
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.If you disable or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.By default, the Netlogon share will grant shared read access to files on the share when exclusive access is requested.Note: The Netlogon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the files by requesting exclusive read access, w
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).
This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified, and modifies it if necessary.- On the domain controllers (DC), discovers a DC that has not been discovered.- On the PDC, attempts to add the <DomainName>*1B+ NetBIOS name if it hasnt already been successfully added.None of these operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of DCs in a trusted domain.To enable the setting, click Enabled, and then specify the interval in seconds.
This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting, click Enabled, and then enter the site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory.If you do not configure this policy setting, it is not applied to any computers, and computers use their local configuration.
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.When this setting is disabled or not configured, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested and the caller has only read permission.By default, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested.Note: The SYSVOL share is a share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the SYSVOL share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting exclusive read access, which might prevent Gr
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default, when a computer (or the DC Locator running on a computer, to be more specific) needs to locate a domain controller hosting an Active Directory domain specified with a single-label name, the computer exclusively uses NetBIOS name resolution, but not the DNS name resolution, unless the computer is joined to an Active Directory forest in which at least one domain has a single-label DNS name. If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution.If you disable this policy setting, computers to which this setting is applied will only use NetBIOS name resolution to attempt to locate a domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the
This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists.If you disable this policy setting, the DCs will not register site-specific DC Locator DNS SRV records for any other sites but their own.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied.Select the mnemonics from the following list:Mnemonic Type DNS RecordLdapIpAddress A <DnsDomainName>Ldap SRV _ldap._tcp.<DnsDomainName>LdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDomainName>Pdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName>Gc SRV _ldap._tcp.gc._msdcs.<DnsForestName>GcAtSite SRV _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>DcByGuid SRV _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>GcIpAddress A gc._msdcs.<DnsForestName>DsaCname CNAME <DsaGuid>._msdcs.<DnsForestName>Kdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName>KdcAtSite SRV _kerberos
This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.Warning: If the DNS resource records are registered in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Setting the Refresh Interval of the DC Locat
This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC).To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes).If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.To specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter the sites' names in a space-delimited format.If you do not configure this policy setting, it is not applied to any GCs, and GCs use their loca
This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record.To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then enter the site names in a space
This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names in a space-delimited format.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections.If you disable this policy setting, DCs will not register DC Locator DNS resource records.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer across all available but un-configured network adapters.If you disable this policy setting, Try Next Closest Site DC Location will not b
This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior.If you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.If you disable this policy setting, DC Locator APIs will ONLY return IPv4 DC address if any. So i
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller. If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk.If you disable this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms. If you do not configure this policy setting, Net Logon will not allow the negotiation and use of older cryp
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message.This policy setting is recommended to reduce the attack surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names.If you enable this policy setting, this DC does not process incoming mailslot messages that are used for NetBIOS domain name based DC location.If you disable or do not configure this policy setting, this DC processes incoming mailslot messages. This is the default behavi
This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended.Note that this policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known.If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the defau
This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site.Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client. The allowable values for this setting result in the following behaviors:0 - DCs will never perform address lookups.1 - DCs will perform an exhaustive address lookup to discover additional client IP addresses.2 - DCs will perform a fast, DNS-only address lookup to discover additional client IP addresses.To specify this behavior in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2.If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local con
This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version.The allowable values for this setting result in the following behaviors:1 - Computers will ping DCs at the normal frequency.2 - Computers will ping DCs at the higher frequency.To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2.If you do not configure this policy setting, it is not a
Determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard.The Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in t
Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators.Note: Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting.
Determines whether users can configure advanced TCP/IP settings.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box.Note: This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain acc
Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
Determines whether administrators can enable and disable the components used by LAN connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component.Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.Note
Determines whether users can delete all user remote access connections.To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection.If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on pos
Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.)Important: When enabled, this set
Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users.
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators.By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved.If you enable this policy setting, this condition will not be reported as an error to the user.If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved.
Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.This setting determines whether the Properties button for components of a LAN connection is enabled.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators.The Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change
Determines whether users can enable/disable LAN connections.If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections.Note: Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled.
Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If
Determines whether users can use the New Connection Wizard, which creates new network connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard.Note: Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or dis
Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer.Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats.If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In additio
Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available to users.If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu.If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting w
Determines whether users can view and change the properties of components used by a private or all-user remote access connection.This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Properties button is enabled for all users.The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list.Note:
Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu.
Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box for a private connection is available to users.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, a Properties menu item ap
Determines whether nonadministrators can rename all-user remote access connections.To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option.If you enable this setting, the Rename option is enabled for all-user remote access connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu.If you disable this setting, the Rename option is disabled for nonadministrators only.If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections.Note: This setting does not apply to AdministratorsNote: When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply.Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
Determines whether users can rename LAN or all user remote access connections.If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu.If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.Note: When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" s
Determines whether nonadministrators can rename a LAN connection.If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu.If you disable this setting, the Rename option is disabled for nonadministrators only.If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connectionsNote: This setting does not apply to Administrators.Note: When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply.
Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators).Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer.ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sha
Determines whether users can view the status for an active connection.Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection.If you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box.Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.If you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to
This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting, domain users must elevate when setting a network's location.If you disable or do not configure this policy setting, domain users can set a network's location without elevating.
Specifies whether or not the "local access only" network icon will be shown.When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only.If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only.
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway.If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network.If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network.
This setting does not apply to desktop apps.A semicolon-separated list of Internet proxy server IP addresses. These addresses are categorized as Internet by Windows Network Isolation and are accessible to apps that have the Internet Client or Internet Client/Server capabilities.If you enable this policy setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole list of allowed proxies, enable the "Proxy definitions are authoritative" setting.If you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation.Example: [3efe:3022::1000];18.0.0.1;18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
This setting does not apply to desktop apps.A semicolon-separated list of intranet proxy server IP addresses. These addresses are categorized as private by Windows Network Isolation and are accessible to apps that have the Home/Work Networking capability.If you enable this policy setting, it allows an administrator to configure a set of proxies that provide access to intranet resources.If you disable or do not configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This setting should NOT be used to configure Internet proxies.Example: [3efe:3022::1000]; 18.0.0.1; 18.0.0.2For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
This setting does not apply to desktop apps.A comma-separated list of IP address ranges that are in your corporate network.If you enable this policy setting, it ensures that apps with the Home/Work Networking capability have appropriate access to your corporate network. These addresses are only accessible to apps if and only if the app has declared the Home/Work Networking capability.Windows Network Isolation attempts to automatically discover private network hosts. By default, the addresses configured with this policy setting are merged with the hosts that are declared as private through automatic discovery.To ensure that these addresses are the only addresses ever classified as private, enable the "Subnet definitions are authoritative" policy setting.If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts.Example: 3efe:1092::/96,18.1.1.1/10 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
This setting does not apply to desktop apps.Turns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment.If you enable this policy setting, it turns off Windows Network Isolation's automatic proxy discovery in the domain corporate environment. Only proxies configured with Group Policy are authoritative. This applies to both Internet and intranet proxies.If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses. For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
This setting does not apply to desktop apps.Turns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment.If you enable this policy setting, it turns off Windows Network Isolation's automatic discovery of private network hosts in the domain corporate environment. Only network hosts within the address ranges configured via Group Policy will be classified as private.If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your private network hosts in the domain corporate environment. For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting, users cannot use the Connect to a Network Projector Wizard to connect to a projector. If you disable or do not configure this policy setting, users can run the Connect to a Network Projector Wizard to connect to a projector.
This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting, users cannot use the Connect to a Network Projector Wizard to connect to a projector. If you disable or do not configure this policy setting, users can run the Connect to a Network Projector Wizard to connect to a projector.
This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting, you can enter a TCP port number for the Network Projector. If you select a TCP port that is already in use by a system, the Network Projector fails to initialize. If you enter zero (0), the operating system selects an available port. If you disable or do not configure this policy setting, the operating system selects an available port. Note: Network port usage is dependent on how the "Turn off Connect to a Network Projector" policy setting is configured.
Makes subfolders available offline whenever their parent folder is made available offline.This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.If you enable this setting, when you make a folder available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is available offline are made available offline when the parent folder is synchronized.If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline when they make a parent folder available offline.
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.Note: This setting appears in the Computer Configuration and User Configuration folders. If both poli
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.If you disable this policy setting, the list of files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for offline use).If you do not configure this policy setting, no files or folders are made available for offline use by Group Policy.Note: This setting appears in the Computer Configuration and User Configuration folders. If both poli
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting.To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they are disconnected from this server, or type "1" if they cannot.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting.Tip: To configure thi
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the default response, a user-specified response, and the response specified in the "Action on server disconnect" setting.To use this setting, click Show. In the Show Contents dialog box in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline when they are disconnected from this server, or type "1" if they cannot.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions established via this setting.Tip: To configure thi
Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.Automatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of the file on the user's computer.This setting does not limit the disk space available for files that user's make available offline manually.If you enable this setting, you can specify an automatic-cache disk space limit.If you disable this setting, the system limits the space that automatically cached files occupy to 10 percent of the space on the system drive.If you do not configure this setting, disk space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it.Tip: To change the amount of disk space used for auto
This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting, Offline Files is enabled and users cannot disable it.If you disable this policy setting, Offline Files is disabled and users cannot enable it.If you do not configure this policy setting, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user.Note: Changes to this policy setting do not take effect until the affected computer is restarted.
This policy setting determines whether offline files are encrypted.Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions.If you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface.If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface.If you do not configure this policy sett
Determines which events the Offline Files feature records in the event log.Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels."0" records an error when the offline storage cache is corrupted."1" also records an event when the server hosting the offline file is disconnected from the network."2" also records events when the local computer is connected and disconnected from the network."3" also records an event when the server hosting the offline file is reconnected to the network.Note: This setting appears in the Computer Configuration and User Configuration folders. If both s
Determines which events the Offline Files feature records in the event log.Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels."0" records an error when the offline storage cache is corrupted."1" also records an event when the server hosting the offline file is disconnected from the network."2" also records events when the local computer is connected and disconnected from the network."3" also records an event when the server hosting the offline file is reconnected to the network.Note: This setting appears in the Computer Configuration and User Configuration folders. If both s
Lists types of files that cannot be used offline.This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."This setting is designed to protect files that cannot be separated, such as database components.To use this setting, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a semicolon (;).Note: To make changes to this setting effective, you must log off and log on again.
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, you can use the "Action" box to specify how computers in the group respond.-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.-- "Never go offline" indicates that network files are not available while the server is inaccessible.If you disable this setting or select the "Work offline" option, users can work offline if disconnected.If you do not configure this setting, users can work offline by default, but they can change this option.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the set
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, you can use the "Action" box to specify how computers in the group respond.-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.-- "Never go offline" indicates that network files are not available while the server is inaccessible.If you disable this setting or select the "Work offline" option, users can work offline if disconnected.If you do not configure this setting, users can work offline by default, but they can change this option.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the set
Disables the Offline Files folder.This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files."
Disables the Offline Files folder.This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.This setting does not prevent users from working offline or from saving local copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline files.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click "View Files."
Prevents users from enabling, disabling, or changing the configuration of Offline Files.This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
Prevents users from enabling, disabling, or changing the configuration of Offline Files.This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.This is a comprehensive setting that locks down the configuration you establish by using other settings in this folder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.Notes:This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make available offline.Notes:This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders.If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders.Notes:This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unava
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.If you disable this policy setting, the list of files and folders is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files and folders.If you do not configure this policy setting, the "Make Available Offline" command is available for all files and folders.Notes:This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unava
Hides or displays reminder balloons, and prevents users from changing the setting.Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.If you disable the setting, the system displays the reminder balloons and prevents users from hiding them.If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tabThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configurat
Hides or displays reminder balloons, and prevents users from changing the setting.Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them.If you disable the setting, the system displays the reminder balloons and prevents users from hiding them.If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can change the setting.To prevent users from changing the setting while a setting is in effect, the system disables the "Enable reminders" option on the Offline Files tabThis setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configurat
Deletes local copies of the user's offline files when the user logs off.This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files.If you disable this setting or do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use.Caution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost.
Determines how often reminder balloon updates appear.If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
Determines how often reminder balloon updates appear.If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... minutes" option.
Determines how long the first reminder balloon for a network status change is displayed.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Determines how long the first reminder balloon for a network status change is displayed.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Determines how long updated reminder balloons are displayed.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Determines how long updated reminder balloons are displayed.Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected.If you enable this setting, you can configure the threshold value that will be used to determine a slow network connection.If this setting is disabled or not configured, the default threshold value of 64,000 bps is used to determine if a network connection is considered to be slow.Note: Use the following formula when entering the slow link value: [ bps / 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280.
Determines whether offline files are fully synchronized when users log off.This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To change the synchronization method without changing a setting, in Windows Explorer, on the To
Determines whether offline files are fully synchronized when users log off.This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, offline files are fully synchronized. Full synchronization ensures that offline files are complete and current.If you disable this setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure that they are current.If you do not configure this setting, the system performs a quick synchronization by default, but users can change this option.This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: To change the synchronization method without changing a setting, in Windows Explorer, on the To
Determines whether offline files are fully synchronized when users log on.This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.This setting appears in the Computer Configuration and User Configuration
Determines whether offline files are fully synchronized when users log on.This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.If you enable this setting, offline files are fully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enables logon synchronization in Synchronization Manager.If this setting is disabled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current.If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a quick synchronization by default, but users can change this option.This setting appears in the Computer Configuration and User Configuration
Determines whether offline files are synchonized before a computer is suspended.If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.If you disable or do not configuring this setting, files are not synchronized when the computer is suspended.Note: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
Determines whether offline files are synchonized before a computer is suspended.If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.If you disable or do not configuring this setting, files are not synchronized when the computer is suspended.Note: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later.If you disable this policy setting, all administratively assigned folders are synchronized at logon.
This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline.If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter.You can configure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency detection is faster. You can use wild
This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it.If you enable this policy setting, you can specify the disk space limit (in megabytes) for offline files and also specify how much of that disk space can be used by automatically cached files.If you disable this policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit.If you do not configur
This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting.If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a regular basis.You can also configure Background Sync for network shares that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. When selected, all configured settings will apply to
This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links.The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads.This policy setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip latency of the network is less than 60ms, reads
This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline.If you disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline.
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer.
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.If you disable or do not configure this policy setting, the "Work offline" command is displayed in File Explorer.
This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans.If this setting is disabled or not configured, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" policy to avoid network usage.
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working.Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing.If you enable this setting, peer-to-peer protocols will be turned off.If you disable this setting or do not configure it, the peer-to-peer protocols will be turned on.
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find it when needed.If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenarios).If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet.If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publish the computer or will use multicast to search for other computers on the local subnet.The multicast protocol used for bootstrapping is SSDP (Simple
This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name, retrieve the corresponding address, and establish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so that a node in the PNRP cloud can resolve names published by other nodes.PNRP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local address.If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud scope.If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and PNRP creates a cloud if the computer has an IPv6 addres
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud.This policy setting forces computers to act as clients in peer-to-peer (P2P) scenarios. For example, a client computer can detect other computers to initiate chat sessions, but other computers cannot detect that client and initiate sessions with it.If you enable this policy setting, this computer cannot register PNRP names, and cannot help other computers perform PNRP lookups.If you disable or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
This setting sets the seed server for the global cloud to a specified node in the enterprise. The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPv6 address and port number. The protocol, in some cases, requires a seed server from which to get bootstrapped.Any node running peer to peer can be used as a seed server. No configuration is needed for the seed server itself.This setting provides the added flexibility of allowing your users to use their peer-to-peer applications at home as well. Here are the four ways in which you can use this setting to control the seed server used in your corporation.1. In order to use the global, well known seed server on the Internet only; enable the setting, leave the seed server list empty, leave the checkbox unchecked.2. In order to use a corporate seed server only, enable the setting; insert the fully qualified domain name or IPv6 address of the corporate seed server; and check the checkbox. Using the corporate seed server only will
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find it when needed.If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenarios).If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet.If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publish the computer or will use multicast to search for other computers on the local subnet.The multicast protocol used for bootstrapping is SSDP (Sim
This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol, in some cases, requires a seed server from which to get bootstrapped. This setting allows for setting the seed server to a specified node in an enterprise.To use this setting, click Enable, and then enter a semicolon-delimited list of IPV6 addresses in the available field. If you enable this setting and you dont enter any address, no seed server will be used.If this setting is not configured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find it when needed.If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenarios).If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet.If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publish the computer or will use multicast to search for other computers on the local subnet.The multicast protocol used for bootstrapping is SSDP (Sim
This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol, in some cases, requires a seed server from which to get bootstrapped. This setting allows for setting the seed server to a specified node in an enterprise.To use this setting, click Enable, and then enter a semicolon-delimited list of DNS names or IPV6 addresses in the available field. If you enable this setting and you dont enter any address, no seed server will be used.If this setting is not configured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.
By default, when a Peer Group is created that allows for password-authentication (or the password for such a Group is changed), Peer Grouping validates that the password meets the password complexity requirements for the local system. Thus, it will not allow any passwords to be used for a Peer Group that are weaker than what would be allowed for a login password.This setting controls this validation behavior. If set to 1, then this validation will not be performed and any password will be allowed. If set to 0, the validation will be performed.
This policy setting allows you to configure the Family Safety feature.If you enable this policy setting, the Family Safety control panel is visible on a domain joined computer.If you disable or do not configure this policy setting, the Family Safety control panel is not visible on a domain joined computer.
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility. If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.If you disable this policy setting, the PCA does not detect compatibility issues for applications and drivers.If you do not configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.Note: This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA t
This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings: - Set BranchCache Distributed Cache mode- Set BranchCache Hosted Cache mode- Configure Hosted Cache ServersPolicy configurationSelect one of the following:- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individual client computers wh
This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache.If you disable or do not configure this policy setting, the cache is set to 5 percent of the total disk space on the client computer.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client
This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy t
This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-writ
This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache latency setting on all client compute
This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy.When this policy setting
This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions."If you do not configure this setting, all clients will use the version of BranchCache that matches their operating system.Policy configurationSelect one of the following:- Not Configured. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their operating system.- Enabled. With this selection, this policy setting is applied to client computers based on the value of the option setting "Select from
This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting.This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. C
This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.If you enable this policy setting, you can configure the age for segments in the data cache.If you disable or do not configure this policy setting, the age is set to 28 days.Policy configurationSelect one of the following:- Not Configured. With this selection, BranchCache client computer cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age setting that you use on individual client computers
Turns off Tablet PC Pen Training.If you enable this policy setting, users cannot open Tablet PC Pen Training.If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
Turns off Tablet PC Pen Training.If you enable this policy setting, users cannot open Tablet PC Pen Training.If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
This policy setting removes access to the performance center control panel page.If you enable this policy setting, some settings within the performance control panel page are not displayed. The administrative tools will not be affected.If you disable or do not configure this policy setting, the performance center control panel core section is displayed to the user.
This policy setting removes access to the performance center control panel page.If you enable this policy setting, some settings within the performance control panel page are not displayed. The administrative tools will not be affected.If you disable or do not configure this policy setting, the performance center control panel core section is displayed to the user.
This policy setting removes access to the performance center control panel solutions to performance problems.If you enable this policy setting, the solutions and issue section within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do not configure this policy setting, the performance center control panel solutions to performance problems section is displayed to the user.
This policy setting removes access to the performance center control panel solutions to performance problems.If you enable this policy setting, the solutions and issue section within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do not configure this policy setting, the performance center control panel solutions to performance problems section is displayed to the user.
This policy setting removes access to the performance center control panel OEM and Microsoft branding links.If you enable this policy setting, the OEM and Microsoft web links within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do not configure this policy setting, the performance center control panel OEM and Microsoft branding links are displayed to the user.
This policy setting removes access to the performance center control panel OEM and Microsoft branding links.If you enable this policy setting, the OEM and Microsoft web links within the performance control panel page are not displayed. The administrative tools are not affectedIf you disable or do not configure this policy setting, the performance center control panel OEM and Microsoft branding links are displayed to the user.
Determines the execution level for Windows Boot Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performance problems that are handled by the DPS.If you do not configure this policy setting, the DPS will enable Windows Boot Performance for resolution by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.No system
Determines the execution level for Windows Standby/Resume Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS.If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by default.This policy setting takes effect only if the diagnostics-wide scen
Determines the execution level for Windows System Responsiveness Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows System Responsiveness problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows System Responsiveness problems and indicate to the user that assisted resolution is available.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows System Responsiveness problems that are handled by the DPS.If you do not configure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy is
Determines the execution level for Windows Shutdown Performance Diagnostics.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS.If you do not configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy is not c
This policy setting specifies whether to enable or disable tracking of responsiveness events.If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM.if you disable this policy setting, responsiveness events are not processed.If you do not configure this policy setting, the DPS will enable Windows Performance PerfTrack by default.
This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting, select one of the following actions:-Take no action-Sleep-Hibernate-Shut downIf you disable or do not configure this policy setting, users control this setting.
This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting, select one of the following actions:-Take no action-Sleep-Hibernate-Shut downIf you disable or do not configure this policy setting, users control this setting.
This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the critical notification.To set the action that is triggered, see the "Critical Battery Notification Action" policy setting.If you disable this policy setting or do not configure it, users control this setting.
This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the low notification.To set the action that is triggered, see the "Low Battery Notification Action" policy setting.If you disable this policy setting or do not configure it, users control this setting.
This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting, Windows shows a notification when the battery capacity remaining equals the low battery notification level. To configure the low battery notification level, see the "Low Battery Notification Level" policy setting.The notification will only be shown if the "Low Battery Notification Action" policy setting is configured to "No Action".If you disable or do not configure this policy setting, users can control this setting.
This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting, select one of the following actions:-Sleep-Hibernate-Shut downIf you disable this policy or do not configure this policy setting, users control this setting.
This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting, you must select the desired action.If you disable this policy setting or do not configure it, users can see and change this setting.
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting, select one of the following actions:-Sleep-Hibernate-Shut downIf you disable this policy or do not configure this policy setting, users control this setting.
This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.If you disable or do not configure this policy setting, users can see and change this setting.
This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the hard disk.If you disable or do not configure this policy setting, users can see and change this setting.
This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. If you enable this policy setting, you must specify a power plan, specified as a GUID using the following format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the power plan to be active.If you disable or do not configure this policy setting, users can see and change this setting.
This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting.If you enable this policy setting, specify a power plan from the Active Power Plan list.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernate or suspend state.If you enable this policy setting, the client computer is locked and prompted for a password when it is resumed from a suspend or hibernate state.If you disable or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation.
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.If you disable or do not configure this policy setting, users control this setting.
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to turn off hybrid sleep.If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting, an application or service may prevent the system from sleeping (Hybrid Sleep, Stand By, or Hibernate).If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.If you disable or do not configure this policy setting, users control this setting.
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to turn off hybrid sleep.If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By).If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on.If you disable this policy setting, Windows uses the same setting regardless of users keyboard or mouse behavior.If you do not configure this policy setting, users control this setting.
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting, Windows automatically adjusts the setting based on what users do with their keyboard or mouse to keep the display on.If you disable this policy setting, Windows uses the same setting regardless of users keyboard or mouse behavior.If you do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.If you disable or do not configure this policy setting, users control this setting.
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting, Windows uses standby states to put the computer in a sleep state.If you disable or do not configure this policy setting, the only sleep state a computer may enter is hibernate.
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting, Windows uses standby states to put the computer in a sleep state.If you disable or do not configure this policy setting, the only sleep state a computer may enter is hibernate.
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for power to be safely removed.If you disable or do not configure this policy setting, the computer system safely shuts down to a fully powered-off state.
This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting, the computer automatically sleeps when network files are open.If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting, the computer automatically sleeps when network files are open.If you disable or do not configure this policy setting, the computer does not automatically sleep when network files are open.
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically reduces the brightness of the display.Windows will only reduce the brightness of the primary display integrated into the computer.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically reduces the brightness of the display.Windows will only reduce the brightness of the primary display integrated into the computer.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting, you must provide a value, in percentage, indicating the display brightness when Windows automatically reduces brightness of the display.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting, you must provide a value, in percentage, indicating the display brightness when Windows automatically reduces brightness of the display.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting, desktop background slideshow is enabled.If you disable this policy setting, the desktop background slideshow is disabled.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting, desktop background slideshow is enabled.If you disable this policy setting, the desktop background slideshow is disabled.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep.If you disable or do not configure this policy setting, users control this setting.
This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting, any application, service, or device driver prevents Windows from automatically transitioning to sleep after a period of user inactivity.If you disable or do not configure this policy setting, applications, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windows should automatically sleep.
This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the reserve power notification.If you disable or do not configure this policy setting, users can see and change this setting.
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher.The "Allow all scripts" policy setting allows all scripts to run.If you disable this policy setting, no scripts are allowed to run.Note: This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher.The "Allow all scripts" policy setting allows all scripts to run.If you disable this policy setting, no scripts are allowed to run.Note: This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the module
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the module
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a backup.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup.
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a backup.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a backup.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file and stored on the backup.
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting, users cannot list or restore previous versions of files on local disks.If you disable this policy setting, users cannot list and restore previous versions of files on local disks.If you do not configure this policy setting, it defaults to disabled.
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting, users cannot list or restore previous versions of files on local disks.If you disable this policy setting, users cannot list and restore previous versions of files on local disks.If you do not configure this policy setting, it defaults to disabled.
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button, Windows attempts to restore the file from the local disk.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting, users cannot list or restore previous versions of files on file shares.If you disable this policy setting, users can list and restore previous versions of files on file shares.If you do not configure this policy setting, it is disabled by default.
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting, users cannot list or restore previous versions of files on file shares.If you disable this policy setting, users can list and restore previous versions of files on file shares.If you do not configure this policy setting, it is disabled by default.
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share.If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file on a file share.
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.If you do not configure this policy setting, it is disabled by default.
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting, users cannot see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.If you disable this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk restore points.If you do not configure this policy setting, it is disabled by default.
Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet or an intranet. If you enable this policy setting, Internet printing is activated on this server. If you disable this policy setting or do not configure it, Internet printing is not activated. Internet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing support and this setting must be enabled. Note: This setting affects the server side of Internet printing only. It does not prevent the print client on the computer from printing across the Internet. Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolating print drivers greatly reduces the risk of a print driver failure causing an application crash.Not all applications support driver isolation. By default, Microsoft Excel 2007, Excel 2010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating print drivers, depending on whether they are configured for it.If you enable or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated.If you disable this policy setting, then print drivers will be loaded within all associated application processes.Notes:-This policy setting applies only to applications opted into isolation.-This policy setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected.-This policy setting is only checked once dur
By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also include a link to a Web page supplied by the vendor of the currently selected printer. If you enable this policy setting, you replace the "Get help with printing" default link with a link to a Web page customized for your enterprise. If you disable this setting or do not configure it, or if you do not enter an alternate Internet address, the default link will appear in the Printers folder. Note: Web pages links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then click "Enable Web content in folders.") Also, see the "Activate Internet printing" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrat
If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain controller, e.g. a domain-joined laptop on a corporate network.) If this policy setting is disabled, the network scan page will not be displayed. If this policy setting is not configured, the Add Printer wizard will display the default number of printers of each type: Directory printers: 20 TCP/IP printers: 0 Web Services printers: 0 Bluetooth printers: 10 Shared printers: 0 In order to view available Web Services printers on your network, ensure that network discovery is turned on. To turn on network discovery, click "Start", click "Control Panel", and then click "Network and Internet". On the "Network and Internet" page, click "Network and Sharing Center". On the Network and Sharing Center page, click "Change advanced sharing set
Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it, when users choose to add a network printer by selecting the "A network printer, or a printer attached to another computer" radio button on Add Printer Wizard's page 2, and also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list.If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and users cannot search the network but must type a printer name.Note: This setting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect to network printers.
When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work.This policy setting only effects printing to a Windows print server.If you enable this policy setting on a client machine, the client spooler will not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the load on the server.If you disable this policy setting on a client machine, the client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the load on the server.If you do not enable this policy setting, the behavior is the same as disabling it.Note: This policy does not determine whether offline printing will be available to the client. The client print spooler can always queue print j
Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer instead of a Graphics Processing Unit (GPU) to rasterize pages.This setting may improve the performance of the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) on machines that have a relatively powerful CPU as compared to the machines GPU.
Adds a link to an Internet or intranet Web page to the Add Printer Wizard. You can use this setting to direct users to a Web page from which they can install printers. If you enable this setting and type an Internet or intranet address in the text box, the system adds a Browse button to the "Specify a Printer" page in the Add Printer Wizard. The Browse button appears beside the "Connect to a printer on the Internet or on a home or office network" option. When users click Browse, the system opens an Internet browser and navigates to the specified URL address to display the available printers. This setting makes it easy for users to find the printers you want them to add. Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers."
Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have access to system-wide memory, and therefore poorly-written kernel-mode drivers can cause stop errors.If you disable this setting, or do not configure it, then printers using a kernel-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional.If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers will be blocked.If you enable this setting, installation of a printer using a kernel-mode driver will not be allowed.Note: By applying this policy, existing kernel-mode drivers will be disabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue.
Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This setting also removes Add Printer from the Printers folder in Control Panel. Also, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears explaining that the setting prevents the action. However, this setting does not prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add printers. This setting does not delete printers that users have already added. However, if users have not added a printer when this setting is applied, they cannot print. Note: You can use printer permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a print
If this policy setting is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a setting prevents the action. This setting does not prevent users from running other programs to delete a printer. If this policy is disabled, or not configured, users can delete printers using the methods described above.
This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a domain controller, e.g. a domain-joined laptop on a home network.)If this setting is disabled, the network scan page will not be displayed.If this setting is not configured, the Add Printer wizard will display the default number of printers of each type:TCP/IP printers: 50Web Services printers: 50Bluetooth printers: 10Shared printers: 50If you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0.
This policy restricts clients computers to use package point and print only.If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
Restricts package point and print to approved servers.This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.Windows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.If this setting is disabled, or not configured, package point and print will not be restricted
This policy restricts clients computers to use package point and print only.If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
Restricts package point and print to approved servers.This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connections, and is completely independent from the "Point and Print Restrictions" policy that governs the behavior of non-package point and print connections.Windows Vista and later clients will attempt to make a non-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server.If this setting is enabled, users will only be able to package point and print to print servers approved by the network administrator. When using package point and print, client computers will check the driver signature of all drivers that are downloaded from print servers.If this setting is disabled, or not configured, package point and print will not be restricted
If this policy setting is enabled, it specifies the default location criteria used when searching for printers. This setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the "Pre-populate printer search location text" setting. When Location Tracking is enabled, the system uses the specified location as a criterion when users search for printers. The value you type here overrides the actual location of the computer conducting the search. Type the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers that you want them to use. If you disable this setting or do not configure it, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address a
Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting, users can browse for printers by location without knowing the printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by default.If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is estimated using the standard method (that is, b
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users c
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain. If you enable this policy setting: -Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users c
Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting, these searches begin at the location you specify in the "Default Active Directory path" box. Otherwise, searches begin at the root of Active Directory. This setting only provides a starting point for Active Directory searches for printers. It does not restrict user searches through Active Directory.
Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory, shared printer resources are available in Active Directory and are not announced.If you enable this setting, the print spooler announces shared printers to the print browse master servers.If you disable this setting, shared printers are not announced to print browse master servers, even if Active Directory is not available.If you do not configure this setting, shared printers are announced to browse master servers only when Active Directory is not available.Note: A client license is used each time a client computer announces a printer to a print browse master on the domain.
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default.If you disable this policy setting, the print spooler will execute print drivers in the print spooler process.Notes:-Other system or driver policy settings may alter the process in which a print driver is executed.-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.-This policy setting takes effect without restarting the print spooler service.
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.If you enable this policy setting, the print spooler isolates all print drivers that do not explicitly opt out of Driver Isolation.If you disable or do not configure this policy setting, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver.Notes:-Other system or driver policy settings may alter the process in which a print driver is executed.-This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected.-This policy setting takes effect without restarting the print spooler service.
This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local driver store and the server driver cache.If you disable this policy setting, the client computer will only search the local driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and Print connection will fail.This policy setting is not configured by default, and the behavior depends on the version of Windows that you are using.By default, Windows Ultimate, Professional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, and all versions of Windows Server 2008 R
This policy determines if v4 printer drivers are allowed to run printer extensions. V4 printer drivers may include an optional, customized user interface known as a printer extension. These extensions may provide access to more device features, but this may not be appropriate for all enterprises. If you enable this policy setting, then all printer extensions will not be allowed to run. If you disable this policy setting or do not configure it, then all printer extensions that have been installed will be allowed to run.
Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 8, Windows RT and Windows Server 2012. If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps). If you disable or do not configure this policy setting, the default MXDW output format is OpenXPS (*.oxps).
This policy controls whether the print spooler will accept client connections.When the policy is unconfigured, the spooler will not accept client connections until a user shares out a local printer or opens the print queue on a printer connection, at which point spooler will begin accepting client connections automatically.When the policy is enabled, the spooler will always accept client connections.When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.The spooler must be restarted for changes to this policy to take effect.
Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. If you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers. If you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually. The default behavior is to automatically publish shared printers in Active Directory. Note: This setting is ignored if the "Allow printers to be published" setting is disabled.
Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest. The Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects. You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune non-republishing printers" box: -- "N
Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory. If you enable this setting, you can change the interval between contact attempts. If you do not configure or disable this setting the default values will be used. Note: This setting is used only on domain controllers.
Sets the priority of the pruning thread. The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current. The thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads. By default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service. Note: This setting is used only on domain controllers.
Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries. If you enable this setting, you can change the interval between attempts. If you do not configure or disable this setting, the default values are used. Note: This setting is used only on domain controllers.
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory. If you enable this policy setting, the contact events are recorded in the event log. If you disable or do not configure this policy setting, the contact events are not recorded in the event log. Not
Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory. If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default, the system only verifies published printers at startup. This setting allows for periodic verification while the computer is operating. To enable this additional verification, enable this setting, and then select a verification interval. To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval.
Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects. If you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond. If you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network. Note: You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts.
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel.If this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users.When enabled, this setting takes precedence over the other settings in this folder.This setting does not prevent users from using other tools and methods to install or uninstall programs.
This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer.If this setting is disabled or not configured, "Programs and Features" will be available to all users.This setting does not prevent users from using other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.
This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to all users.This setting does not prevent users from using other tools and methods to install or uninstall programs.
This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page.The Set Program Access and Computer Defaults page allows administrators to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations.If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users.This setting does not prevent users from using other tools and methods to change program access or defaults.This setting does not prevent the Default Programs icon from appearing on the Start menu.
This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.Windows Marketplace allows users to purchase and/or download various programs to their computer for installation.Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will be available to all users.Note: If the "Hide Programs control Panel" setting is enabled, this setting is ignored.
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the netowrk" task. The "Get Programs" page lists published programs and provides an easy way to install them.Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable users to install them without having to search for installation files.If this setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Programs" page to install published programs. Enabling this feature does not prevent users from installing programs by using other methods. Users will still
This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs. As a result, users cannot view, enable, or disable various Windows features and services.If this setting is disabled or is not configured, the "Turn Windows features on or off" task will be available to all users.This setting does not prevent users from using other tools and methods to configure services or enable or disable program components.
This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting, all affected computers that are running Password Synchronization log intermediate steps for password synchronization attempts.If you disable or do not configure this policy setting, individual computers that are running Password Synchronization log steps of password synchronization attempts based upon how the "Enable extensive logging" setting on the Configuration tab of the Password Synchronization Properties dialog box is configured.
This policy setting allows an administrator to set the number of password synchronization retries that Password Synchronization can attempt, in the event a synchronization attempt fails.If you enable this policy setting, the number of retries specified in the policy setting applies to all affected computers in the domain that are running Password Synchronization.If you disable or do not configure this policy setting, individual computers that are running Password Synchronization retry synchronization the number of times specified on the Configuration tab of the Password Synchronization Properties dialog box.Note: Valid values that can be specified for the number of retries are whole numbers 0 through 9. The default value, if the policy setting is enabled, is 3.
This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting, all affected computers that are running Password Synchronization automatically update a user's UNIX-based account password when the password is changed in the Windows environment, if the user account has been migrated to Active Directory Domain Services.If you disable or do not configure this policy setting, individual computers that are running Password Synchronization synchronize changes to UNIX-based user account passwords based upon how the "Windows to NIS (Active Directory) password synchronization" setting on the Configuration tab of the Password Synchronization Properties dialog box is configured.
This policy setting allows a Password Synchronization administrator to configure the interval, in seconds, between synchronization retries in the event that a synchronization attempt fails.If you enable this policy setting, the specified retry interval in the policy setting is used by all affected computers that are running Password Synchronization.If you disable or do not configure this policy setting, individual computers that are running Password Synchronization use the synchronization retry interval specified on the Configuration tab of the Password Synchronization Properties dialog box.Note: Valid values for the interval between retries are whole numbers from 1 through 600. The default value, if the policy setting is enabled, is 120.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Best Effort service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Controlled Load service type.If you disable this setting, the system uses the default DSCP value of 24 (0x18).Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type.If you disable this setting, the system uses the default DSCP value of 40 (0x28).Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Network Control service type.If you disable this setting, the system uses the default DSCP value of 48 (0x30).Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Qualitative service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Best Effort service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Controlled Load service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Network Control service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting, you can change the default DSCP value associated with the Qualitative service type.If you disable this setting, the system uses the default DSCP value of 0.Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit, the Packet Scheduler postpones all submissions to network adapters until the number falls below this limit."Outstanding packets" are packets that the Packet Scheduler has submitted to a network adapter for transmission, but which have not yet been sent.If you enable this setting, you can limit the number of outstanding packets.If you disable this setting or do not configure it, then the setting has no effect on the system.Important: If the maximum number of outstanding packets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default, the Packet Scheduler limits the system to 80 percent of the bandwidth of a connection, but you can use this setting to override the default.If you enable this setting, you can use the "Bandwidth limit" box to adjust the amount of bandwidth the system can reserve.If you disable this setting or do not configure it, the system uses the default value of 80 percent of the connection.Important: If a bandwidth limit is set for a particular network adapter in the registry, this setting is ignored when configuring that network adapter.
Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting, you can override the default timer resolution established for the system, usually units of 10 microseconds.If you disable this setting or do not configure it, the setting has no effect on the system.Important: If a timer resolution is specified in the registry for a particular network adapter, then this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with the Best Effort service type.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with the Controlled Load service type.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with the Guaranteed service type.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with the Network Control service type.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with nonconforming packets.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for nonconforming packets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting, you can change the default priority value associated with the Qualitative service type.If you disable this setting, the system uses the default priority value of 0.Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel, and to respond to WMI requests.If you enable or do not configure this policy setting, the listed providers will respond to WMI queries, and Reliability Monitor will display system reliability information.If you disable this policy setting, Reliability Monitor will not display system reliability information, and WMI-capable applications will be unable to access reliability information from the listed providers.
Determines the execution level for Windows Resource Exhaustion Detection and Resolution.If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.If you do not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.This policy setting takes effect only if the diagnostics-wide scenario execution policy
Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") appears on the "Advanced recovery methods" page of Recovery (in Control Panel) and will allow the user to restore the computer to the original state or from a user-created system image. This is the default setting. If you disable this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") in Recovery (in Control Panel) will be unavailable. However, with this policy setting disabled, users can still restore the computer to the original state or from a user-created system imag
This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds.If you disable this policy setting, the Persistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded.If you do not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginning with Windows Server 2003.Note: This feature might interfere with power configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Control Panel.
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting, error reporting includes unplanned shutdown events.If you disable this policy setting, unplanned shutdown events are not included in error reporting.If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdown events" by default.Also see the "Configure Error Reporting" policy setting.
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting, the System State Data feature is activated when the user indicates that the shutdown or restart is unplanned.If you disable this policy setting, the System State Data feature is never activated.If you do not configure this policy setting, the default behavior for the System State Data feature occurs.Note: By default, the System State Data feature is always enabled on Windows Server 2003. See "Supported on" for all supported versions.
The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down.If you enable this policy setting and choose "Server Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running Windows Server. (See "Supported on" for supported versions.)If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for supported versions.)If you disable this policy setting, the Shutdown Event Tracker is not displayed when you shut down the computer.If you do not configure this policy setting, the def
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting, log files are generated.If you disable this policy setting, log files are not generated.If you do not configure this setting, application-based settings are used.
This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer.If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
This policy setting allows you to improve performance in low bandwidth scenarios.This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting includes the previous optimization setting.For example:"Turn off background" will include the following optimizations:-No full window drag-Turn off background"Full optimization" will include the following optimizations:-Use 16-bit color (8-bit color in Windows Vista)-Turn off font smoothing (not supported in Windows Vista)-No full window drag-Turn off backgroundIf you enable this policy setting, bandwidth optimization occurs at the level specified.If you disable this policy setting, application-based settings are used.If you do not configure this policy setting, application-based settings are used.
This policy setting lets you customize warning messages.The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.If you disable this policy setting, the user sees the default warning message.If you do not configure this policy setting, the user sees the default warning message.
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."The "Maximum ticket time" policy settin
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.To configure the list of helpers, click "Show." In the window that opens, you can enter
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.If you disable or do not configure this setting, the operating system does not force a reboot.Note: If no reboot is forced, the access right does not take effect until the operating system is restarted.
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.If you enable this policy setting, you can set the number of seconds you want the system to wait until a reboot.If you disable or do not configure this setting, the operating system does not force a reboot.Note: If no reboot is forced, the access right does not take effect until the operating system is restarted.
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting, execute access is denied to this removable storage class.If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
This policy setting denies read access to custom removable storage classes.If you enable this policy setting, read access is denied to these removable storage classes.If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
This policy setting denies read access to custom removable storage classes.If you enable this policy setting, read access is denied to these removable storage classes.If you disable or do not configure this policy setting, read access is allowed to these removable storage classes.
This policy setting denies write access to custom removable storage classes.If you enable this policy setting, write access is denied to these removable storage classes.If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
This policy setting denies write access to custom removable storage classes.If you enable this policy setting, write access is denied to these removable storage classes.If you disable or do not configure this policy setting, write access is allowed to these removable storage classes.
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives.If you enable this policy setting, execute access is denied to this removable storage class.If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
This policy setting denies read access to removable disks.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies read access to removable disks.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies write access to removable disks.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.Note: To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
This policy setting denies write access to removable disks.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.Note: To require that users write data to BitLocker-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives."
This policy setting denies execute access to removable disks.If you enable this policy setting, execute access is denied to this removable storage class.If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.If you enable this policy setting, no access is allowed to any removable storage class.If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.If you enable this policy setting, no access is allowed to any removable storage class.If you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting, execute access is denied to this removable storage class.If you disable or do not configure this policy setting, execute access is allowed to this removable storage class.
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, read access is denied to this removable storage class.If you disable or do not configure this policy setting, read access is allowed to this removable storage class.
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.If you enable this policy setting, write access is denied to this removable storage class.If you disable or do not configure this policy setting, write access is allowed to this removable storage class.
This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting, remote users can open direct handles to removable storage devices in remote sessions.If you disable or do not configure this policy setting, remote users cannot open direct handles to removable storage devices in remote sessions.
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.If you do not configure this policy setting, it remains disabled. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.Note: This policy will not be applied
This policy setting controls whether the RPC runtime generates extended error information when an error occurs.Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition.If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition.If you enable this policy setting, the RPC runtime will generate extended error information. You must select an error response type in the drop-down box.-- "Off" disables all extended error information for all processes. RPC only generates an error code.-- "On with Exceptions" enables extended error information, but lets you disable it for selected process
This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation. If you enable this policy setting
This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.This policy setting is only applicable when the RPC Client, the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of Windows, this policy setting will be ignored.The minimum allowed value for this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours).If you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be use
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting. If you do not configure this policy setting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. If you enable this policy setting, it directs the RPC server ru
This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.If you disable this policy setting, the RPC runtime defaults to "Auto2" level.If you do not configure this policy setting, the RPC defaults to "Auto2" level. If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.-- "None" indicates that the system does not maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations.-- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.-- "Auto2" directs RPC to maintain basic state information only if the comput
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. This interval is particularly important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the ""Run logon scripts synchronously"" setting to direct the system to wait for the logon scripts to complete before loading the desktop. An excessively long interval can de
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.If you enable this setting, Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier.If you disable or do not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier.Also, see the "Run Logon Scripts Visible" setting.
This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.If you enable this policy setting, the system displays each instruction in the logoff script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.If you disable or do not configure this policy setting, the instructions are suppressed.
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.If you disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously.This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.If you enable this policy setting, the system displays each instruction in the logon script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users.If you disable or do not configure this policy setting, the instructions are suppressed.
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. For example, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following computer startup scripts:GPO B: B.cmd, B.ps1GPO C: C.cmd, C.ps1Assume also that there are two computers, DesktopIT and DesktopSales. For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:Within GPO B: B.ps1, B.cmdWithin GPO C: C.ps1, C.cmd For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the fo
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following user logon scripts:GPO B: B.cmd, B.ps1GPO C: C.cmd, C.ps1Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:Within GPO B: B.ps1, B.cmdWithin GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:Within GPO B: B.cmd, B.ps1Within
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts. If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following user logon scripts:GPO B: B.cmd, B.ps1GPO C: C.cmd, C.ps1Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:Within GPO B: B.ps1, B.cmdWithin GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:Within GPO B: B.cmd, B.ps1Within
This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.If you enable this policy setting, the system displays each instruction in the shutdown script as it runs. The instructions appear in a command window.If you disable or do not configure this policy setting, the instructions are suppressed.
This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.If you enable this policy setting, the system does not coordinate the running of startup scripts. As a result, startup scripts can run simultaneously.If you disable or do not configure this policy setting, a startup cannot run until the previous script is complete.Note: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the ""Run startup scripts visible"" policy setting is enabled or not.
This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.If you enable this policy setting, the system displays each instruction in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users.If you disable or do not configure this policy setting, the instructions are suppressed.Note: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether this policy setting is enabled or not.
This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured.If you disable or do not configure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the DNS suffixes are not configured.
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel.Note that this setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files.
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
Determines whether scheduled diagnostics will run to proactively detect and resolve system problems.If you enable this policy setting, you must choose an execution level. If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution. If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis.If you do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default.No reboots or service restarts are required for this policy to take effect: changes take effect immediately.This policy set
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured, users will be able to add UNC locations to the index.This policy has no effect if the Files on Microsoft Networks add-in is not installed.Disabled by default.
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured, users will be able to add UNC locations to the index.This policy has no effect if the Files on Microsoft Networks add-in is not installed.Disabled by default.
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files.
If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index. Default is disabled.
If enabled, the indexer pauses whenever the computer is running on battery. If disabled, the indexing follows the default behavior. Default is disabled.
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can be opened. Disabled by default.
This policy setting allows words that contain diacritic characters to be treated as separate words. If you enable this policy setting, words that only differ in diacritics are treated as different words. If you disable this policy setting, words with diacritics and words without diacritics are treated as identical words. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. Note: By default, the Control Panel setting is set to treat words that differ only because of diacritics as the same word.
This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing history. If you enable this policy setting, Windows will always use automatic language detection to index (as it did in Windows 7). Using automatic language detection can increase memory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. If you disable or do not configure this policy setting, Windows will use automatic language detection only when it can determine the language of a document with high confidence.
This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting, Windows Search is prevented from automatically adding shared folders to the index. Windows Search does not automatically add shares created on the computer to the scope of the index.If you disable or do not configure this policy setting, Windows Search monitors which folders are shared or not shared on this computer, and automatically adds them to or removes them from the index.
This policy setting allows you to enable or disable the Add/Remove location options on the All Locations menu as well as any defined locations that were made by a user. When this policy is not configured, the default behavior is to allow users to add and remove new locations to the locations menu. When the policy is enabled, the Add and Remove locations options and any previously defined user locations will not be visible. When the policy is disabled, both the Add and Remove locations options as well as any previously specified user locations will be visible.
This policy setting hides or displays the Advanced Options dialog for Search and Indexing Options in the Control Panel.If you enable this policy setting, the Advanced Options dialog for Search and Indexing Options in the Control Panel cannot be opened.If you disable or do not configure this policy setting, users can acess the Advanced Options dialog for Search and Indexing Options in the Control Panel. This is the default for this policy setting.
If enabled, files on network shares made available offline are not indexed. Otherwise they are indexed. Disabled by default.
Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cached mode. The default behavior for search is to not index uncached Exchange folders. Disabling this policy will block any indexing of uncached Exchange folders. Delegate mailboxes are managed separately from online mailboxes. The "Enable Indexing of Uncached Exchange Folders" has no effect on delegate mailboxes. To stop indexing of online and delegate mailboxes you must disable both policies.
Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example, contacts or a calendar). This policy will not affect portions of a delegate mailbox that are cached locally. To have this policy affect all parts of a delegate mailbox, ensure that for Microsoft Outlook 2007 no portions of the delegate mailbox are cached locally. The default behavior for Search is to not index online delegate mailboxes. Disabling this policy will block any indexing of online delegate mailboxes. Online delegate mailboxes are managed separately from online mailboxes. The "Enable Indexing of Uncached Exchange Folders" policy has no effect on online delegate mailboxes. To stop indexing of online mailboxes and online delegate mailboxes you must disable both policies.
When using Microsoft Office Outlook in online mode, you can enable this policy to control how fast online mail is indexed on a Microsoft Exchange server. The lower you set this policy, the lower the burden will be on the corresponding Microsoft Exchange server. The default value for this policy is 120 items per minute. To lower the burden on Microsoft Exchange servers, lower the rate of items indexed per minute. If you disable this policy, then online mail items will be indexed at the speed that the Microsoft Exchange server can support. If you set this policy to not configured, then online mail items will be indexed at the speed of 120 items per minute. This policy has no effect on mail items when using Microsoft Office Outlook in cached mode.
Enable this policy to prevent indexing of any Microsoft Outlook items. The default is to automatically index Outlook items. If this policy is enabled then the user's Outlook items will not be added to the index and the user will not see them in search results.
Enable this policy setting to prevent the indexing of the content of e-mail attachments. If enabled, indexing service components (including non-Microsoft components) are expected not to index e-mail attachments. Consider enabling this policy if you are concerned about the security or indexing performance of non-Microsoft document filters (iFilters). This policy is disabled by default.
Enabling this policy defines a semicolon-delimited list of file extensions which will be allowed to have rich attachment previews.When this policy is disabled or not configured the default settings will be set to .bmp;.emf;.gif;.jpg;.jpeg;.png;.wmf;.wrn;.txt;.err;.xml;.cpp;.c;.h;.cxx;.hxx;.idl;.cs;.vb;.idl;.xsd;.doc;.docx;.xls;.xlsx;.ppt;.pptx;.vsd;.xlsb;.xltx;.dot;.rtf
Enable this policy to prevent indexing public folders in Microsoft Office Outlook. When this policy is disabled or not configured, the user has the option to index cached public folders in Outlook. Public folders are only indexed when using Outlook 2003 or later. The user must be running in cached mode and the Download Public Folder Favorites option must be turned on.
Store indexer database in this directory. This directory must be located on a local fixed drive.
Enabling this policy allows you to add a primary intranet search location within Windows Desktop Search. The value of this text should be:name,urlFor example:Intranet,http://intranetsearch.aspx?k=$w You must provide the following:1) A name for the scope, such as 'Intranet'.2) The URL to the search service. Use $w in place of the query term for the search service URL.If your intranet search service is SharePoint Portal Server, your query should resemble the following:http://sitename/Search.aspx?k=$wIf your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033.http://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$wThis adds intranet search location to:1) The Windows Deskbar2) The Desktop Search results search box3) The WDS search box in Search Companion
Enabling this policy allows you to add intranet search locations in addition to the primary intranet search location defined in the Add Primary Intranet Search Location policy. The value of this text should be:name1,url1;name2,url2;...nameN,urlNFor example:MySearch,http://mysearch.aspx?q=$w;MySearch2,http://mysearch2?q=$w.For each search scope, provide:1) A name for the scope, such as 'IT Web'.2) The URL to the search service. Use $w in place of the query term for the search service URL.If your intranet search service is SharePoint Portal Server, your query should resemble the following:http://sitename/Search.aspx?k=$wIf your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033.http://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$wThese additional intranet search locations are added to the All Locations list in the Desktop Search results.
Enabling this policy allows you to set the location of the preview pane in the Desktop Search results. You can also turn off the preview pane. The four options are:- Auto- Right- Bottom- OffYou should consider enabling this policy to turn off the preview pane if your environment does not support Office XP or later. The full preview pane functionality is only available for Office documents in Office XP or later.When this policy is disabled or not configured, the preview pane shows automatically to the right of the Desktop Search results, and your users can choose the location of the preview pane
Enabling this policy allows you to specify whether you want large icon or small icon view for your Desktop Search results. The two options are:- Large Icon- Small Icon.If you have disabled the preview pane because your organization does not support Office XP or above, you should enforce the large icon view so that users can see snippets related to their desktop search query.When this policy is disabled or not configured, the default is small icon view.
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 2147483647 MB.Enable this policy if computers in your environment have extremely limited hard drive space.When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
Enabling this policy prevents Windows Desktop Search from using iFilters and protocol handlers unless they are specified in the allow list. However, This policy will not prevent iFilters or protocol handlers from being installed, nor will it prevent them from being used by other applications or services. You can also specify an allow list of add-ins by providing the classID or ProgId string. For example, if you plan to deploy a particular iFilter, make sure that this iFilter is on the allow list, either as a GUID such as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (include the braces) or a ProgID such as VisFilter.CFilter.1.If you maintain a locked desktop environment, this setting is redundant because non-administrative users do not have permission to install new components. If your users have Administrator permissions or can install software, this policy prevents them from specifically using Windows Desktop Search-related add-ins.Note: Because of a limitation in the Group Policy editor, you must add at least on
Enabling this policy removes the option of searching the Web from Windows Desktop Search.When this policy is disabled or not configured, the Web option is available and users can search the Web via their default browser search engine.
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts with one of the paths you specified.If you enable and then disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not restored.
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts with one of the paths you specified. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be indexed under the "Computer Configuration" Group Policy.If you enable and then disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not restored.
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing.
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be included for indexing if these are only specified in the Group Policy under "User Configuration." To include a file system path for indexing, please specify the file system path to be indexed under the "Computer Configuration" Group Policy.
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing.
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis, this policy setting will work only if a protocol handler referencing a SID-based user scope, such as MAPI, is specified. File system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be indexed under the "Computer Configuration" Group Policy.
Enabling this policy allows you to edit the list of file types to exclude from indexing. The end user cannot modify this list. You should separate each extension type with a semicolon.Note that limitations of Group Policy Object Editor require this list to be split across multiple values. Desktop Search combines all these into a single exclusion list.When this policy is disabled or not configured, the user can edit the default list of excluded file types. If you enable and then disable this policy, the user's original list is restored.If you want to specify an initial default list of excluded file types that users can change later, see the administration guide for information about how to set up the initial machine preference.
This policy setting prevents search queries from being stored in the registry. If you enable this policy setting, search suggestions based on previous searches won't appear in the search pane. Search suggestions provided by apps or by Windows based on local content will still appear.If you disable or do not configure this policy setting, users will get search suggestions based on previous searches in the search pane.
This policy setting allows selecting of OCR (Optical Character Recognition) languages that belong to one of the supported code pages. If you enable this policy setting, the selected OCR languages are used in OCR processing during the indexing of TIFF files. The default system language is ignored unless it is among the selected OCR languages. If you disable or do not configure this policy setting, only the default system language is used.All selected OCR languages must belong to the same code page. If you select languages from more than one code page, the entire OCR language selection is ignored and only the default system language is used.Re-indexing is not initiated when you enable this policy and selecting OCR languages. This policy setting only applies to the indexing of new files, unless re-indexing is initiated manually.
This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document, which allows indexing of all recognized text. By default, the TIFF IFilter optimizes its performance by skipping OCR (Optical Character Recognition) for document pages that have non-textual content (for example, pictures). In some cases, pages that contain text can be misclassified as non-text pages. If this is the case, the text in these pages will not be indexed. If you enable this setting, TIFF IFilter will perform OCR for every page in a TIFF document to index all recognized text. Therefore, the OCR process will be slower. This decrease in performance can be significant if there are lots of non-textual pages (pictures) in TIFF documents on the system. If you disable or do not configure this setting, TIFF IFilter will optimize its performance by skipping non-textual content during the OCR process.
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed. Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.If you do not congifure this policy setting, the Security Center is turned off for domain members. If you enable this policy setting, Security Center is turned on for all users. If you disable this policy setting, Security Center is turned off for domain members.Windows XP
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. If you disable or do not configure this policy setting, all location scripts will run.
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. If you disable or do not configure this policy setting, all location scripts will run.
This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting, Server Manager is not displayed automatically when a user logs on to the server.If you disable this policy setting, Server Manager is displayed automatically when a user logs on to the server.If you do not configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or Do not start Server Manager automatically at logon (Windows Server 2012) option is selected, the console is not displayed automatically at logon.Note: Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar.
This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you are managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the Configure Refresh Interval setting (in Windows Server 2008 and Windows Server 2008 R2), or the Refresh the data shown in Server Manager every *x+ *minutes/hours/days+ setting (in Windows Server 2012) that is configured in the Server Manager console.If you disable this policy setting, Server Manager does not refresh automatically. If you do not configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.Note: The default refresh interval for Server Manager is two minutes in Windo
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting, the Initial Configuration Tasks window is not displayed when an administrator logs on to the server. If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server.If you do not configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. However, if an administrator selects the "Do not show this window at logon" option, the window is not displayed on subsequent logons.
This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting, the Manage Your Server page is not displayed each time an administrator logs on to the server. If you disable or do not configure this policy setting, the Manage Your Server page is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Dont display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed.
This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when each path is separated by a semicolon. The network location can be either a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with wim: and include the index of the image to use in the WIM file. For example wim:\\server\share\install.wim:3.If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setting, the files wi
Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.If you enable this policy setting, "sync your settings" will be turned off, and none of the "sync your setting" groups will be synced on this PC.Use the option "Allow users to turn syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, "sync your settings" is on by default and configurable by the user.
Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the "sync your settings" page in PC settings.If you enable this policy setting, the "app settings" group will not be synced.Use the option "Allow users to turn app settings syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, syncing of the "app settings" group is on by default and configurable by the user.
Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sync your settings" page in PC settings.If you enable this policy setting, the "passwords" group will not be synced.Use the option "Allow users to turn passwords syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, syncing of the "passwords" group is on by default and configurable by the user.
Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "sync your settings" page in PC settings.If you enable this policy setting, the "personalize" group will not be synced.Use the option "Allow users to turn personalize syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, syncing of the "personalize" group is on by default and configurable by the user.
Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows settings" group on the "sync your settings" page in PC settings.If you enable this policy setting, the "Other Windows settings" group will not be synced.Use the option "Allow users to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop personalization" group on the "sync your settings" page in PC settings.If you enable this policy setting, the "desktop personalization" group will not be synced.Use the option "Allow users to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled.If you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
Prevent the "browser" group from syncing to and from this PC. This turns off and disables the "browser" group on the "sync your settings" page in PC settings. The "browser" group contains settings and info like history and favorites.If you enable this policy setting, the "browser" group, including info like history and favorites, will not be synced.Use the option "Allow users to turn browser syncing on" so that syncing is turned off by default but not disabled.If you do not set or disable this setting, syncing of the "browser" group is on by default and configurable by the user.
Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on metered connections" switch on the "sync your settings" page in PC Settings.If you enable this policy setting, syncing on metered connections will be turned off, and no syncing will take place when this PC is on a metered connection.If you do not set or disable this setting, syncing on metered connections is configurable by the user.
Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting, enter the fully qualified path to the new location in the "Windows Service Pack Setup file path" box.If you disable or do not configure this policy setting, the Windows Service Pack Setup source path will be the location used during the last time Windows Service Pack Setup was run on the system.
Specifies an alternate location for Windows installation files.If you enable this policy setting, enter the fully qualified path to the new location in the "Windows Setup file path" box. If you disable or do not configure this policy setting, the Windows Setup source path will be the location used during the last time Windows Setup was run on the system.
Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft.If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft.If you do not configure this policy, Tablet PC users can choose whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy, Tablet PC users cannot choose to share writing samples from the handwriting recognition personalization tool with Microsoft.If you disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with Microsoft.If you do not configure this policy, Tablet PC users can choose whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders.If you disable or don't configure this policy setting, users can share files out of their user profile after an administrator has opted in the computer.
This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network.If you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features.If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup.This policy setting is not configured by default.You must restart the computer for this policy setting to take effect.
This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files normally.Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.If you disable this policy setting or do not configure it, users can run Regedit.exe normally.To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
Limits the Windows programs that users have permission to run on the computer.If you enable this policy setting, users can only run programs that you add to the list of allowed applications.If you disable this policy setting or do not configure it, users can run all applications.This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., W
Prevents Windows from running the programs you specify in this policy setting.If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.If you disable this policy setting or do not configure it, users can run any programs.This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winw
This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting, the Welcome Center is not displayed at user logon. The user can access the Welcome Center using the Control Panel or Start menu.If you disable or do not configure this policy setting, the Welcome Center is displayed at user logon.
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.If you enable this setting, desktop gadgets will be turned off.If you disable or do not configure this setting, desktop gadgets will be turned on.The default is for desktop gadgets to be turned on.
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.If you enable this setting, desktop gadgets will be turned off.If you disable or do not configure this setting, desktop gadgets will be turned on.The default is for desktop gadgets to be turned on.
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.If you enable this setting, gadgets that have not been digitally signed will not be extracted.If you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.The default is for Windows to extract both signed and unsigned gadgets.
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.If you enable this setting, gadgets that have not been digitally signed will not be extracted.If you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.The default is for Windows to extract both signed and unsigned gadgets.
This policy setting allows you to turn off desktop gadgets that have been installed by the user.If you enable this setting, Windows will not run any user-installed gadgets.If you disable or do not configure this setting, Windows will run user-installed gadgets.The default is for Windows to run user installed gadgets.
This policy setting allows you to turn off desktop gadgets that have been installed by the user.If you enable this setting, Windows will not run any user-installed gadgets.If you disable or do not configure this setting, Windows will run user-installed gadgets.The default is for Windows to run user installed gadgets.
This policy setting deletes all data stored on Windows SideShow-compatible devices (running Microsoft firmware) when a user logs off from the computer. This is a security precaution but it significantly limits the usefulness of the devices.If you enable this policy setting, all data stored on devices running Microsoft firmware will be deleted when a user logs off from the computer. Data will be re-sent to the device when the user logs on again.If you disable or do not configure this policy setting, data will not be deleted from these devices when users log off from the computer. Users can enable this setting in the Windows SideShow Control Panel.Note Devices not running Microsoft firmware will not be affected by this policy setting.
This policy setting deletes all data stored on Windows SideShow-compatible devices (running Microsoft firmware) when a user logs off from the computer. This is a security precaution but it significantly limits the usefulness of the devices.If you enable this policy setting, all data stored on devices running Microsoft firmware will be deleted when a user logs off from the computer. Data will be re-sent to the device when the user logs on again.If you disable or do not configure this policy setting, data will not be deleted from these devices when users log off from the computer. Users can enable this setting in the Windows SideShow Control Panel.Note Devices not running Microsoft firmware will not be affected by this policy setting.
This policy setting turns off Windows SideShow.If you enable this policy setting, the Windows SideShow Control Panel will be disabled and data from Windows SideShow-compatible gadgets (applications) will not be sent to connected devices. If you disable or do not configure this policy setting, Windows SideShow is on by default.
This policy setting turns off Windows SideShow.If you enable this policy setting, the Windows SideShow Control Panel will be disabled and data from Windows SideShow-compatible gadgets (applications) will not be sent to connected devices. If you disable or do not configure this policy setting, Windows SideShow is on by default.
This policy setting turns off the option to periodically wake the computer to update information on Windows SideShow-compatible devices.If you enable this policy setting, the option to automatically wake the computer will not be available in the Windows SideShow Control Panel.If you disable or do not configure this policy setting, the option to automatically wake the computer will be available in the Windows SideShow Control Panel. However, the option will be disabled by default.Note Information on Windows SideShow-compatible devices will only be updated when the computer is on and awake.
This policy setting turns off the option to periodically wake the computer to update information on Windows SideShow-compatible devices.If you enable this policy setting, the option to automatically wake the computer will not be available in the Windows SideShow Control Panel.If you disable or do not configure this policy setting, the option to automatically wake the computer will be available in the Windows SideShow Control Panel. However, the option will be disabled by default.Note Information on Windows SideShow-compatible devices will only be updated when the computer is on and awake.
This policy setting requires users to enter a default personal identification number (PIN) to unlock and access data on the device after a specified period of inactivity (time-out period). This setting applies to Windows SideShow-compatible devices running Microsoft firmware.If you enable this policy setting, users will be required to enter the default PIN to unlock and access data on the device after the specified time-out period.Note Users can change the PIN and time-out periods on the device settings page in the Windows SideShow Control Panel.If you disable or do not configure this policy setting, users will not be required to enter a default PIN to unlock and access data on the device after a specified time-out period. However, users can choose to turn on PIN locking and can change the time-out period in the Windows SideShow Control Panel.Note Devices not running Microsoft firmware will not be affected by this policy setting.Note There is a fixed set of time-out periods which includes: after 1 minu
This policy setting requires users to enter a default personal identification number (PIN) to unlock and access data on the device after a specified period of inactivity (time-out period). This setting applies to Windows SideShow-compatible devices running Microsoft firmware.If you enable this policy setting, users will be required to enter the default PIN to unlock and access data on the device after the specified time-out period.Note Users can change the PIN and time-out periods on the device settings page in the Windows SideShow Control Panel.If you disable or do not configure this policy setting, users will not be required to enter a default PIN to unlock and access data on the device after a specified time-out period. However, users can choose to turn on PIN locking and can change the time-out period in the Windows SideShow Control Panel.Note Devices not running Microsoft firmware will not be affected by this policy setting.Note There is a fixed set of time-out periods which includes: after 1 minu
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.If you enable this policy setting, certificates with the following attributes can also be used to log on with a smart card:- Certificates with no EKU- Certificates with an All Purpose EKU- Certificates with a Client Authentication EKUIf you disable or do not configure this policy setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting, the integrated unblock feature will be available.If you disable or do not configure this policy setting then the integrated unblock feature will not be available.
This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN). If there are two or more of the "same" certificate on a smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. Note: This setting will be applied after the following policy: "Allow time invalid certificates"If you enable or do not configure this pol
This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CSP.If you disable or do not configure this setting, Windows will only attempt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the default will not be available for logon.
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting, any available smart card signature key-based certificates will not be listed on the logon screen.
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine. If you enable this policy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired.If you disable or do not configure this policy setting, certificates which are expired or not yet valid will not be listed on the logon screen.
This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting, certificate propagation will not occur and the certificates will not be made available to applications such as Outlook.
This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off.
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.
This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked. Note: The following policy setting must be enabled - Allow Integrated Unblock screen to be displayed at the time of logon.If you disable or do not configure this policy setting, the default message will be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.If you enable this policy setting or do not configure this setting, then the subject name will be reversed. If you disable , the subject name will be displayed as it appears in the certificate.
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. If you disable or do not configure this policy setting, plaintext PINs can be returned by Credential Manager.Note: Enabling this policy setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether you will be affected by this policy setting.
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed.If you disable or do not configure this policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.
This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inserted in a Smart Card Reader.Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.If you disable this policy setting, a confirmation message will not be displayed when a smart card device driver is installed.Note: This policy setting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting, intermediate steps of NIS map updates or propagations, and whether map updates are successful, are logged for all affected computers that are running Server for NIS.If you disable or do not configure this policy setting, individual computers that are running the Server for NIS log steps of map propagations based upon how the "NIS map propagation logging" policy setting on the Logging tab of the Server for NIS Properties dialog box is configured.
This policy setting allows a Server for NIS administrator to configure an update interval for pushing Network Information Service (NIS) maps to NIS subordinate servers.If you enable this policy setting, the map update interval specified in this policy setting is applied to all affected domain controllers that are running Server for NIS.If you disable or do not configure this policy setting, individual computers that are running Server for NIS use the map update interval specified on the General tab of the Server for NIS Properties dialog box.Note: Valid values for intervals are whole numbers in the following ranges: days, 0 through 99999; hours, 0 through 23; minutes, 0 through 59. The default value, if the policy setting is enabled, is one day.
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.Note: This policy setting has no effect if the SNMP agent is not i
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.Note: This setting has no effect if the SNMP agent is not installed on the client computer.Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting, Sound Recorder will not run.If you disable or do not configure this policy setting, Sound Recorder can be run.
Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting, Sound Recorder will not run.If you disable or do not configure this policy setting, Sound Recorder can be run.
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy, and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.If you enable this policy setting, the Classification tab is displayed.If you disable or do not configure this policy setting, the Classification tab is hidden.
This policy setting controls which set of properties is available for classifying files on affected computers.Administrators can define the properties for the organization by using Active Directory Domain Services (AD DS), and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.If you enable this policy setting, you can select which list of properties is available for classification on the affected computers. If you disable or do not configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties.
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
If you enable this policy setting, the recent programs list in the start menu will be blank for each new user.If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user.
If you enable this policy the start menu will not show a link to the Games folder.If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel.
If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box.
If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms.If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box. If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
If you enable this policy setting the Start menu search box will not search for files.If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel.
If you enable this policy setting the Start menu search box will not search for programs or Control Panel items.If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel.
If you enable this policy the start menu search box will not search for communications.If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel.
If you enable this policy the start menu will not show a link to the user's storage folder.If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel.
If you enable this setting, the Run command is added to the Start menu. If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect.
This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off.If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on.If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off.
Clear history of recently opened documents on exit.If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off.If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off.Note: The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder.Also, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected.This setting does not clear the list of recent files that Windows programs displ
This policy only applies to the classic version of the start menu and does not affect the new style start menu.Adds the "Log Off <username>" item to the Start menu and prevents users from removing it.If you enable this setting, the Log Off <username> item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off <username> item from the Start Menu.If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item.This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del.Note: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff.Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.
Displays Start menu shortcuts to partially installed programs in gray text.This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed.Partially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use.If you disable this setting or do not configure it, all Start menu shortcuts appear as black text.Note: Enabling this setting can make the Start menu slow to open.
Disables personalized menus.Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu.If you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect.Note: Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting.Tip: To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option.
This setting affects the taskbar, which is used to switch between running applications.The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized.If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties.If you disable this setting or do not configure it, the user can configure the taskbar position.Note: Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.
Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously.Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
This setting affects the notification area, also called the "system tray."The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron."If you enable this setting, the system notification area expands to show all of the notifications that use this area.If you disable this setting, the system notification area will always collapse notifications.If you do not configure it, the user can choose if they want notifications collapsed.
Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object.If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area.If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.
Prevents users from using the drag-and-drop method to reorder or remove items on the Start menu. Also, it removes context menus from the Start menu.If you disable this setting or do not configure it, users can remove or reorder Start menu items by dragging and dropping the item. They can display context menus by right-clicking a Start menu item.This setting does not prevent users from using other methods of customizing the Start menu or performing the tasks available from the context menus.Also, see the "Prevent changes to Taskbar and Start Menu Settings" and the "Remove access to the context menus for taskbar" settings.
If you enable this setting, the system deletes tile notifications when the user logs off. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs off.If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile.This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.
This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions.If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE.If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available.Note: Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting.
Removes items in the All Users profile from the Programs menu on the Start menu.By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu.Tip: To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
Prevents users from adding the Favorites menu to the Start menu or classic Start menu.If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.If you disable or do not configure this setting, the Display Favorite item is available.Note:The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.Note:The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.Note:This setting only affects the Start menu. The Favorites item still appears in File Expl
This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F.Note: Enabling this policy setting also prevents the user from using the F3 key.In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder.This policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search.If you disable or do not configure this policy
If you enable this setting, the frequently used programs list is removed from the Start menu.If you disable this setting or do not configure it, the frequently used programs list remains on the simple Start menu.
This policy setting allows you to remove the Help command from the Start menu.If you enable this policy setting, the Help command is removed from the Start menu.If you disable or do not configure this policy setting, the Help command is available from the Start menu.This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
This policy setting allows you to turn off user tracking.If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu.If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu.Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus".This policy setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings.
This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting, the "All Programs" item is removed from the simple Start menu. The Start Screen will show the All Apps view, but it will only contain items that are pinned to start.If you disable or do not configure this policy setting, the "All Programs" item remains on the simple Start menu.
This policy setting allows you to remove Network Connections from the Start Menu.If you enable this policy setting, users are prevented from running Network Connections.Enabling this policy setting prevents the Network Connections folder from opening. This policy setting also removes Network Connections from Settings on the Start menu.Network Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action.If you disable or do not configure this policy setting, Network Connections is available from the Start Menu.Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections).
If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu. In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting, the system and Windows programs do not create shortcuts to documents opened while the setting is in effect. Also, they retain but do not display existing document shortcuts. The system empties the Recent Items menu on the Start menu, and Windows programs do not display shortcuts at the bottom of the File menu. In addition, the Jump Lists off of programs in the Start Menu and Taskbar do not show lists of recently or frequently used files, folders, or websites.If you disable or do not configure this setting, the system will store and display shortcuts to recently and frequently used files, folders, and websites.Note: The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder.Also, see the "Remove Recent Items menu from Start Menu" and "Clear history of recently opened documents on exit" policies in this folder.If you
Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu.The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents.If you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on.If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu.When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it.If the setting is not configured, users can turn the Recent Items menu on and off.Note: This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting.This setting also does
This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found.If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.Note: This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path.If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file.Note: This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability.Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.If you enable this setting, the following changes occur:(1) The Run command is removed from the Start menu.(2) The New Task (Run) command is removed from Task Manager.(3) The user will be blocked from entering the following into the Internet Explorer Address Bar:--- A UNC path: \\<server>\<share> ---Accessing local drives: e.g., C:--- Accessing local folders: e.g., \temp>Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R.If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar.Note:This setting affects the specified interface only. It does not prevent users from using other methods to run programs.Note: It is a requirement for third-party applications with Windows 2000 or later certification to a
This policy setting allows you to remove programs on Settings menu.If you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System.If you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer.Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.
This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box.If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action.If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu.
This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting, the Default Programs link is removed from the Start menu.Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.If you disable or do not configure this policy setting, the Default Programs link is available from the Start menu.Note: This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.
This policy setting allows you to remove the Documents icon from the Start menu and its submenus.If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder.Note: To make changes to this policy setting effective, you must log off and then log on.If you disable or do not configure this policy setting, he Documents icon is available from the Start menu.Also, see the "Remove Documents icon on the desktop" policy setting.
This policy setting allows you to remove the Music icon from Start Menu.If you enable this policy setting, the Music icon is no longer available from Start Menu.If you disable or do not configure this policy setting, the Music icon is available from Start Menu.
This policy setting allows you to remove the Network icon from Start Menu.If you enable this policy setting, the Network icon is no longer available from Start Menu.If you disable or do not configure this policy setting, the Network icon is available from Start Menu.
This policy setting allows you to remove the Pictures icon from Start Menu.If you enable this policy setting, the Pictures icon is no longer available from Start Menu.If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu.
Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders.Note that this setting hides all user-specific folders, not just those associated with redirected folders.If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu.If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
This setting affects the presentation of the Start menu.The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly.If you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons.If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page.If you do not configure this setting, the default is the new style, and the user can change the view.
Prevents the clock in the system notification area from being displayed.If you enable this setting, the clock will not be displayed in the system notification area.If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur.
This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled.If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
This setting affects the taskbar.The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application.If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock.If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu.
This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons.If you disable or do not configure this policy setting, the context menus for the taskbar are available.This policy setting does not prevent users from using other methods to issue the commands that appear on these menus.
This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled, the users entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock.If this setting is disabled or is not configured, the notification area is shown in the user's taskbar.Note: Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons.
This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003.To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting.If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting, users are prevented from connecting to the Windows Update Web site.Enabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer.Windows Update, the online extension of Windows, offers software updates to keep a users system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download.If you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer.Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked.
This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting, the Log Off <username> item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off <username> item to the Start Menu.If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item.This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off.Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff.See also: "Remove Logoff" policy setting in User Configuration\Administra
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu. If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu.
This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting, the Start Menu does not show a link to the Downloads folder.If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu.
This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library.If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu.
This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting, the Start Menu does not show a link to the Videos library.If you disable or do not configure this policy setting, the Videos link is available from the Start Menu.
If you enable this setting, users cannot uninstall apps from Start.If you disable this setting or do not configure it, users can access the uninstall command from Start
Set the default action of the power button on the Start menu.If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action.If you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down.If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action.
This policy setting shows or hides the "Run as different user" command on the Start application bar.If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality.If you disable this setting or do not configure it, users cannot access the "Run as different user" command from Start for any applications.Note: This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command.
This policy setting turns the Accounting feature on or off.If you enable this policy setting, Windows System Resource Manager (WSRM) starts accounting various usage statistics of the processes.If you disable this policy setting, WSRM stops logging usage statistics of processes.If you do not configure this policy setting, users can specify whether accounting needs to be turned on or off.The accounting processes are disabled by default.The accounting database provides an interface you can use to manage both the information in the database and the physical size of the database. Managing database information involves finding relevant information and then organizing it efficiently. Managing the physical size of the database requires regular attention because, unless it is configured to do otherwise, Windows System Resource Manager continues to store accounting information. As a result, the size of the database continues to increase. To manage the size of the database, you can archive accounting data for later use
This setting assigns the email address(es) to which notifications will be sent. Use a semicolon (;) to separate multiple email addresses.If you enable this setting, Windows System Resource Manager (WSRM) will send notifications to the address(es) specified.If you disable this setting, no email addresses (default value) will be set.If you do not configure this setting, the user may specify e-mail addresses to receive notifications. This value can be e-mail aliases or e-mail address including domain name (for example, someone@example.com).Depending on the events selected for notification, these email addresses will be notified.Note : To receive notifications, the notifications setting on the event log must be turned ON. To view the list of events, click Error, Warning, or Information, and then click OK. If you select Error, Warning, or Information, all of the individual events in that category are included.
This setting directs the Accounting feature to log data on the accounting server at the specified time interval.If you enable this setting, Windows System Resource Manager (WSRM) will set the accounting time interval to the value specified.If you disable this setting, the default value of 10 minutes will be set.If you do not configure this setting, the user may specify an accounting interval.The value is specified in minutes and can range between 2 minutes and 60000 minutes. Ten minutes is provided as the default value as this would be an optimal value if there are many servers logging data remotely. Setting an accounting record write interval value less than 10 minutes for a server on a network with more than 20 machines logging data remotely can possibly degrade performance.Note : Set the accounting record write interval to a higher value as the number of machines increases on the network to reduce network congestion.
This policy setting assigns the address of the SMTP server that sends out notifications.If you enable this policy setting, Windows System Resource Manager (WSRM) sets the SMTP server to the value specified.If you disable this policy setting, no SMTP server (default value) is set.If you do not configure this policy setting, the user may specify an SMTP server.This value can be the NetBIOS name or the fully qualified domain name (FQDN) of the Simple Mail Transfer Protocol (SMTP) server. This server contains the email addresses that are configured to receive notifications.Note: To receive email notifications, the notifications setting on the event log must be turned on. To view the list of events, click Error, Warning, or Information, and then click OK. If you select Error, Warning, or Information, all of the individual events in that category are included.
Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting.If you enable this policy setting, the option to configure System Restore through System Protection is disabled.If you disable or do not configure this policy setting, users can change the System Restore settings through System Protection. Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten.
Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options.Caution: If you enable both the Prevent Input Panel from appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel taskbar icon policy, the us
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel tab will not appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in Input Panel Options.Caution: If you enable both the Prevent Input Panel from appearing next to text entry areas policy and the Prevent Input Panel tab from appearing policy, and disable the Show Input Panel taskbar icon policy, the us
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when using a tablet pen as an input device.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.Cautio
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when using a tablet pen as an input device.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will never appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will appear next to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.Cautio
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when a user is using touch input.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when a user is using touch input.Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will never appear next to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista). These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy and choose Low from the drop-down box, password security is set to Low. At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Medium-Low from the drop-down box, password security is set to Medium-Low. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowe
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista). These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or character pad), and not showing what keys are tapped when entering a password.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy and choose Low from the drop-down box, password security is set to Low. At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Medium-Low from the drop-down box, password security is set to Medium-Low. At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowe
Switches the gesture set used for editing from the common handheld computer gestures to the Simplified Chinese (PRC) standard gestures.Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, the Simplified Chinese (PRC) editing gestures will be used. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, the common handheld editing gesture set will be used. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, the common handheld editing gesture set will be used. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista.
Switches the gesture set used for editing from the common handheld computer gestures to the Simplified Chinese (PRC) standard gestures.Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, the Simplified Chinese (PRC) editing gestures will be used. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, the common handheld editing gesture set will be used. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, the common handheld editing gesture set will be used. Users will be able to configure this setting on the Advanced tab in Input Panel Options in Windows 7 and Windows Vista.
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options (in Windows 7 and Windows Vista only) only when these input languages or keyboards are installed. Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified), Chinese (Traditional), Japanese, and Korean. This setting appears in Input Panel Options (in Windows 7 and Windows Vista only) only when these input languages or keyboards are installed. Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, rarely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting is converted to typed text. Users will not be
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. The tolerant gestures let users scratch out ink in Input Panel by using strikethrough and other scratch-out gesture shapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose All from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy an
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. The tolerant gestures let users scratch out ink in Input Panel by using strikethrough and other scratch-out gesture shapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose All from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose Tolerant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy an
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista.
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts.If you enable this policy, Input Panel will not provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box.If you do not configure this policy, Input Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Options in Windows 7 and Windows Vista.
Prevents start of InkBall game.If you enable this policy, the InkBall game will not run.If you disable this policy, the InkBall game will run.If you do not configure this policy, the InkBall game will run.
Prevents start of InkBall game.If you enable this policy, the InkBall game will not run.If you disable this policy, the InkBall game will run.If you do not configure this policy, the InkBall game will run.
Prevents start of Windows Journal.If you enable this policy, the Windows Journal accessory will not run.If you disable this policy, the Windows Journal accessory will run.If you do not configure this policy, the Windows Journal accessory will run.
Prevents start of Windows Journal.If you enable this policy, the Windows Journal accessory will not run.If you disable this policy, the Windows Journal accessory will run.If you do not configure this policy, the Windows Journal accessory will run.
Prevents printing to Journal Note Writer.If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.If you disable this policy, you will be able to use this feature to print to a Journal Note.If you do not configure this policy, users will be able to use this feature to print to a Journal Note.
Prevents printing to Journal Note Writer.If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but attempts to print to it will fail.If you disable this policy, you will be able to use this feature to print to a Journal Note.If you do not configure this policy, users will be able to use this feature to print to a Journal Note.
Prevents the snipping tool from running.If you enable this policy setting, the Snipping Tool will not run.If you disable this policy setting, the Snipping Tool will run.If you do not configure this policy setting, the Snipping Tool will run.
Prevents the snipping tool from running.If you enable this policy setting, the Snipping Tool will not run.If you disable this policy setting, the Snipping Tool will run.If you do not configure this policy setting, the Snipping Tool will run.
Disables visual pen action feedback, except for press and hold feedback.If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.If you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel.
Disables visual pen action feedback, except for press and hold feedback.If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown instead of the pen cursors.If you disable or do not configure this policy, visual feedback and pen cursors will be shown unless the user disables them in Control Panel.
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.If you enable this policy, a button assigned to Back will not map to ESC.If you disable this policy, Back->ESC mapping will occur.If you do not configure this policy, Back->ESC mapping will occur.
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior.If you enable this policy, a button assigned to Back will not map to ESC.If you disable this policy, Back->ESC mapping will occur.If you do not configure this policy, Back->ESC mapping will occur.
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy, applications cannot be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab).If you disable this policy, applications can be launched from a hardware button.If you do not configure this policy, applications can be launched from a hardware button.
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy, applications cannot be launched from a hardware button, and "Launch an application" is removed from the drop down menu for configuring button actions (in the Tablet PC Control Panel buttons tab).If you disable this policy, applications can be launched from a hardware button.If you do not configure this policy, applications can be launched from a hardware button.
Prevents press and hold actions on hardware buttons, so that only one action is available per button.If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator."If you disable this policy, press and hold actions for buttons will be available.If you do not configure this policy, press and hold actions will be available.
Prevents press and hold actions on hardware buttons, so that only one action is available per button.If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the following text: "Some settings are controlled by Group Policy. If a setting is unavailable, contact your system administrator."If you disable this policy, press and hold actions for buttons will be available.If you do not configure this policy, press and hold actions will be available.
Turns off Tablet PC hardware buttons.If you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.If you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed.
Turns off Tablet PC hardware buttons.If you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed.If you disable this policy, user and OEM defined button actions will occur when the buttons are pressed.If you do not configure this policy, user and OEM defined button actions will occur when the buttons are pressed.
Makes pen flicks learning mode unavailable.If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy.If you disable or do not configure this policy, all the features described above will be available.
Makes pen flicks learning mode unavailable.If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted to learning mode applications. This means that the pen flicks training triggers in Internet Explorer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable pen flicks policy.If you disable or do not configure this policy, all the features described above will be available.
Makes pen flicks and all related features unavailable.If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon.If you disable or do not configure this policy, pen flicks and related features are available.
Makes pen flicks and all related features unavailable.If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Internet Explorer, the pen flicks notification and the pen flicks tray icon.If you disable or do not configure this policy, pen flicks and related features are available.
This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting, the battery meter is not displayed in the system notification area.If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area.
This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting, the networking icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area.
This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting, the volume control icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area.
This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting, the Action Center icon is not displayed in the system notification area.If you disable or do not configure this policy setting, the Action Center icon is displayed in the system notification area.
This policy setting allows you to lock all taskbar settings.If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar.If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting.
This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either.If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar.
This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar.If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar.
This policy setting allows you to turn off all notification balloons.If you enable this policy setting, no notification balloons are shown to the user.If you disable or do not configure this policy setting, notification balloons are shown to the user.
This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s).If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting.
This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting, users are not be able to resize their taskbar.If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting.
This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips.If you disable or do not configure this policy setting, the taskbar thumbnails are displayed.
This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar.If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar.
This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel.If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown.If you disable do not configure this policy setting, feature advertisement balloons are shown.
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks.If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.If you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.Note: This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the ""Do not allow pinning items in Jump Lists"" policy setting.
This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar.If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show.If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.
This policy setting allows you to prevent taskbars from being displayed on more than one monitor.If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog.If you disable or do not configure this policy setting, users can show taskbars on more than one display.
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for existing tasks.This setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the "Run" box or the "Start in" box that determine the program and path for a task.As a result, when users create a task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the se
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for existing tasks.This setting removes the Browse button from the Schedule Task Wizard and from the Task tab of the properties dialog box for a task. Also, users cannot edit the "Run" box or the "Start in" box that determine the program and path for a task.As a result, when users create a task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs.Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the se
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.The checkbox, when checked, instructs Task Scheduler to automatically open the newly created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting is Disabled or Not Configured.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Scheduled Task Wizard. This policy is only designed to simplify task creation for beginning users.The checkbox, when checked, instructs Task Scheduler to automatically open the newly created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setting is Disabled or Not Configured.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.This setting disables the Cut, Copy, Paste, and Paste Shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.This setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.This setting disables the Cut, Copy, Paste, and Paste Shortcut items on the context menu and the Edit menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.This setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Prevents users from starting and stopping tasks manually.This setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Prevents users from starting and stopping tasks manually.This setting removes the Run and End Task items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Prevents users from viewing and changing the properties of an existing task.This setting removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.This setting prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: This setting affects existing tasks only. To prevent users from changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.
Prevents users from viewing and changing the properties of an existing task.This setting removes the Properties item from the File menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.This setting prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Tip: This setting affects existing tasks only. To prevent users from changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.
Prevents users from creating new tasks.This setting removes the Add Scheduled Task item that starts the New Task Wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Important: This setting does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
Prevents users from creating new tasks.This setting removes the Add Scheduled Task item that starts the New Task Wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Important: This setting does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
Prevents users from deleting tasks from the Scheduled Tasks folder.This setting removes the Delete command from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
Prevents users from deleting tasks from the Scheduled Tasks folder.This setting removes the Delete command from the Edit menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.If you disable or do not configure this policy setting, the local host setting is used.If you enable this policy setting, you can configure ISATAP with one of the following settings:Policy Default State: If the ISATAP router name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP router name is not resolved successfully, ISATAP connectivity is not available on the host using the corresponding IPv4 address.Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each
This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.If you disable or do not configure this policy setting, the local host setting is used.
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.If you disable or do not configure this policy setting, the local host setting is used.If you enable this policy setting, you can configure 6to4 with one of the following settings:Policy Default State: 6to4 is enabled if the host has only link-local IPv6 connectivity and a public IPv4 address. If no global IPv6 address is present and no global IPv4 address is present, the host will not have a 6to4 interface. If no global IPv6 address is present and a global IPv4 address is present, the host will have a 6to4 interface.Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no gl
This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting, you can specify a relay name for a 6to4 host.If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host.
This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.If you disable or do not configure this policy setting, the local host setting is used.
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.If you disable or do not configure this policy setting, the local host settings are used.If you enable this policy setting, you can configure Teredo with one of the following settings:Default: The default state is "Client."Disabled: No Teredo interfaces are present on the host.Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.
This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name.
This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.If you enable this policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent.If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds.
This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.If you enable this policy setting, you can customize a UDP port for the Teredo client.If you disable or do not configure this policy setting, the local host setting is used.
This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.If you disable or do not configure this policy setting, the local host setting is used.This policy setting contains only one state:Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds.
This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.If you disable or do not configure this policy setting, the local host settings are used.If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings:Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options.Policy Disabled State: No IP-HTTPS interfaces are present on the host.
This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting, the local host settings are used.If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures.If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems casued by Firewalls or other middle boxes.
This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.Note: Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.If you enable this policy setting, users cannot redirect Clipboard data.If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.
This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting, wallpaper is not displayed in a Remote Desktop Services session. If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, depending on the client configuration. If you do not configure this policy setting, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions.
This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, or through Group Policy.If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.Note: If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session, or whether they can only start programs that are listed in the RemoteApp programs list.You can control which programs on an RD Session Host server can be started remotely by using the RemoteApp Manager on Windows Server 2008 R2 and Windows Server 2008. If you are using Windows Server 2012, you can configure this in the Collection properties sheet by using Server Manager.By default, only programs in the RemoteApp Programs list can be started when a user starts a Remote Desktop Services session.If you enable this policy setting, remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session. For example, a remote user can do this by specifying the program's executable path at connection time by using the Remote Desktop Connection client.If you disable or do not configure this policy setting, remo
This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero, such as translucent windows, for remote desktop sessions. Because Windows Aero requires additional system and bandwidth resources, allowing desktop composition for remote desktop sessions can reduce connection performance, particularly over slow links, and increase the load on the remote computer. If you enable this policy setting, desktop composition will be allowed for remote desktop sessions. On the client computer, you can configure desktop composition on the Experience tab in Remote Desktop Connection (RDC) or by using the "allow desktop composition" setting in a Remote Desktop Protocol (.rdp) file. In addition, the client computer must have the necessary hardware to support Windows Aero features.Note: Additional configuration might be necessary on the remote comput
This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting, RD Connection Broker redirects users who do not have an existing session to the RD Session Host server in the farm with the fewest sessions. Redirection behavior for users with existing sessions is not affected. If the server is configured to use RD Connection Broker, users who have an existing session are redirected to the RD Session Host server where their session exists. If you disable this policy setting, users who do not have an existing session log on to the first RD Session Host server to which they connect.If you do not configure this policy setting, you can configure the RD Session Host server to participate in RD Connection Broker load balancing by using the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI provider.Note: If you enable this policy setting, you
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting, only the default client printer is redirected in Remote Desktop Services sessions.If you disable or do not configure this policy setting, all client printers are redirected in Remote Desktop Services sessions.
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting, only the default client printer is redirected in Remote Desktop Services sessions.If you disable or do not configure this policy setting, all client printers are redirected in Remote Desktop Services sessions.
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the RD Session Host server.By default, if a user closes a RemoteApp program, the session is disconnected from the RD Session Host server. If you enable this policy setting, when a user closes a RemoteApp program, the RemoteApp session will remain in a disconnected state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server.If you disable or do not configure this policy setting, when a user closes a RemoteApp program, the session will be disconnected from the RD Session Host server.Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are c
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the RD Session Host server.By default, if a user closes a RemoteApp program, the session is disconnected from the RD Session Host server. If you enable this policy setting, when a user closes a RemoteApp program, the RemoteApp session will remain in a disconnected state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server.If you disable or do not configure this policy setting, when a user closes a RemoteApp program, the session will be disconnected from the RD Session Host server.Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are c
This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth, especially when you are using an LCD monitor. Because font smoothing requires additional bandwidth resources, not allowing font smoothing for remote connections can improve connection performance, particularly over slow links. By default, font smoothing is allowed for remote connections. You can configure font smoothing on the Experience tab in Remote Desktop Connection (RDC) or by using the "allow font smoothing" setting in a Remote Desktop Protocol (.rdp) file. If you enable this policy setting, font smoothing will not be allowed for remote connections, even if font smoothing is enabled in RDC or in the .rdp file. If you disable or do not configure this policy setting, font smoothing is allowed for remote connections.
This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example, 192.0.2.96/24. If you enable this policy setting, the specified IP address and network mask are used to select the network adapter used for the virtual IP addresses.If you disable or do not configure this policy setting, Remote Desktop IP Virtualization is turned off. A network adapter must be configured for Remote Desktop IP Virtualization to work.
This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting, the IP address of the RD Session Host server is not used if a virtual IP is not available. The session will not have network connectivity.If you disable or do not configure this policy setting, the IP address of the RD Session Host server is used if a virtual IP is not available.
Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server, based on the number of sessions and the demand for processor time within each session. If you enable this policy setting, Fair Share CPU Scheduling is turned off. If you disable or do not configure this policy setting, Fair Share CPU Scheduling is turned on.
This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default, Windows Installer RDS Compatibility is turned on. If you enable this policy setting, Windows Installer RDS Compatibility is turned off, and only one instance of the msiexec process can run at a time. If you disable or do not configure this policy setting, Windows Installer RDS Compatibility is turned on, and multiple per user application installation requests are queued and handled by the msiexec process in the order in which they are received.
This policy setting specifies whether Remote Desktop IP Virtualization is turned on. By default, Remote Desktop IP Virtualization is turned off.If you enable this policy setting, Remote Desktop IP Virtualization is turned on. You can select the mode in which this setting is applied. If you are using Per Program mode, you must enter a list of programs to use virtual IP addresses. List each program on a separate line (do not enter any blank lines between programs). For example:explorer.exemstsc.exeIf you disable or do not configure this policy setting, Remote Desktop IP Virtualization is turned off.
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting, all Remote Desktop Services sessions on the RD Session Host server use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.If you disable or do not configure this policy setting, all Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter.NOTE: The policy setting affects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected by this policy setting.
This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only.If yo
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.If you enable this policy setting, the RemoteFX experience could be set to one of the following options:1. Let the system choose the experience for the network condition2. Optimize for server scalability3. Optimize for minimum bandwidth usageIf you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting, connections from RDP 8.0-compatible client computers to this computer will use RDP 8.0. Computers that are not compatible with RDP 8.0 will use a compatible earlier version of RDP.If the policy setting is enabled, the following functionality will not be available:1. Administrator shadow, which allows remote monitoring of users sessions2. Desktop Composition and Aero experience, unless this computer is configured to use a RemoteFX VGPUFor more information, see http://go.microsoft.com/fwlink/?LinkID=251814.If you disable or do not configure this policy setting, client computers, including computers that are compatible with RDP 8.0, will only use RDP 7.1 or an earlier version of RDP.Note: This policy setting does not apply to connections that use RemoteFX VGPU. Connec
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality.If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.If you disable or do not configure this policy setting, Remote Desktop Pro
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting, you must specify if you would like RDP to use UDP.You can select one of the following options: "Use both UDP and TCP (default)", "Use only TCP" or "Use either UDP or TCP"If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
Controls whether a user can save passwords using Remote Desktop Connection.If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
Controls whether passwords can be saved on this computer from Remote Desktop Connection.If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
This policy setting specifies whether to require the use of a specific encryption level to secure communications between client computerss and RD Session Host servers during Remote Desktop Protocol (RDP) connections.If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. U
This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available:* Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated.* RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated.* SSL (TLS 1.0): The SSL
This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server.To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server.If you do not configure this policy setting, the local setting on
This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.A certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communication between a client and an RD Session Host server during RDP connections.If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected.If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specif
Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authenti
If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting.You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance s
Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.Note: It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alt
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five second intervals.If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.If the status is set to Disabled, automatic reconnection of clients is prohibited.If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection.
This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. Note: 1.Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. 2.The value specified in this policy setting is no
This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.
This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Component
This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions.If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration.If the status is set to Not Configured, the default behavior applies.
This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.If you enable this policy setting, logging off the connected administrator is not allowed.If you disable or do not configure this policy setting, logging off the connected administrator is allowed.Note: The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.
This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: 1. Remote Desktop license servers that are published in Active Directory Domain Services. 2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level.
This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.If you enable this policy setting, these notifications will not be displayed on the RD Session Host server.If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator.
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server.If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the serve
This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box.If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box.Note: This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Li
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background.
This policy setting allows you to specify the level of remote control permitted in a Remote Desktop Services session.You can use this policy setting to select one of two levels of remote control: View Session or Full Control. View Session permits the remote control user to watch a session. Full Control permits the administrator to interact with the session. Remote control can be established with or without the user's permission.If you enable this policy setting, administrators can remotely interact with a user's Remote Desktop Services session according to the specified rules. To set these rules, select the desired level of control and permission in the Options list. To disable remote control, select "No remote control allowed."If you disable or do not configure this policy setting, remote control rules are determined by the setting on the Remote Control tab in the Remote Desktop Session Host Configuration tool. By default, remote control users have full control of the session with the user's permission.Note
This policy setting allows you to specify the level of remote control permitted in a Remote Desktop Services session.You can use this policy setting to select one of two levels of remote control: View Session or Full Control. View Session permits the remote control user to watch a session. Full Control permits the administrator to interact with the session. Remote control can be established with or without the user's permission.If you enable this policy setting, administrators can remotely interact with a user's Remote Desktop Services session according to the specified rules. To set these rules, select the desired level of control and permission in the Options list. To disable remote control, select "No remote control allowed."If you disable or do not configure this policy setting, remote control rules are determined by the setting on the Remote Control tab in the Remote Desktop Session Host Configuration tool. By default, remote control users have full control of the session with the user's permission.Note
This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon.If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.If you do not configure this policy setting, this policy setting is not specified at the Group Policy level.
Configures Remote Desktop Services to run a specified program automatically upon connection.You can use this setting to specify a program to run automatically when a user logs on to a remote computer.By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified progr
Configures Remote Desktop Services to run a specified program automatically upon connection.You can use this setting to specify a program to run automatically when a user logs on to a remote computer.By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified progr
This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only.If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.Note: If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session.To use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the drive letter to which you want the network share to be mapped.If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon.Note: The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home director
This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles.If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Service
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server.Note:For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.Note: If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.If you disable or do not configure this policy setting, no
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server.By default, the RDS Endpoint Servers group is empty.If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting.Note
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following:* A client connecting to a Windows Server 2003 terminal server* A client connecting to a Windows 2000 terminal serverIf you enable this policy setting, the license server will only issue a t
This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.If you enable this policy setting, audio and video playback redi
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. For example, if the audio playback quality configur
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone.By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. If you enable this policy setting, audio recording redirection is allowed.If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC.If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level.
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.If you enable this policy setting, users cannot redirect Clipboard data.If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.
This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.If you enable this policy setting, users cannot redirect server data to the local COM port.If you disable this policy setting, Remote Desktop Services always allows COM port redirection.If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level.
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.If you enable this policy setting, the default printer is the printer specified on the remote computer.If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.If you do not configure this policy setting, the default printer is not specified at the Group Policy level.
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.If you disable this policy setting, LPT port redirection is always allowed.If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.
This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you disable or do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer.Note: You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.If you disable this policy setting, users can redirect print jobs with client printer mapping.If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level.
This policy setting allows you to specify the RD Session Host server fallback printer driver behavior.By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are:"Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior."Default to PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver."Default t
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.Note: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.Note: Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later.
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.If the status is set to Not Configured, unsecured communication is allowed.Note: The RPC interface is used for administering and configuring Remote Desktop Services.
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.If the policy setting is
This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services.If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. Notes: 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. 2. For Windows
This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server
This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level.Notes: 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. 2. This policy setting is not effective unless the Join RD Connection Broker po
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.If you do not configure this policy setting, Remote Desktop Services disconnects
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits.Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.If you do not configure this policy setting, Remote Desktop Services disconnects
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configura
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply.If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configura
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windo
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply.If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windo
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off.If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session.If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise.If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator.Note: This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid.If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise.If you do not configure this policy setting, per-session temporary folders are created unless the server administrato
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.Notes:You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.This policy setting overrides the behavior of the "Allow .rd
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.Note:You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.This policy setting overrides the behavior of the "Allow .rdp
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials.Note: If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remo
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting, you must specify one of the following settings:Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server.Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.If you disable or do not configure
This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only.
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth.If you enable this policy setting, the RemoteFX experience could be set to one of the following options:1. Let the system choose the experience for the network condition2. Optimize for server scalability3. Optimize for minimum bandwidth usageIf you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used.You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. E
This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account.For this change to take effect, you must restart Windows.
This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1.When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.If you disable this policy setting, RemoteFX will be disabled.If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered.Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate an
This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host server so that the sessions are compatible with non-Windows thin client devices designed for Windows Server 2008 R2 SP1. These clients only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you disable or do not configure this policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec will not be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1, and does not affect clients that are using other RDP versions.
This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs.The default connection URL must be configured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx. If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL.If you disable or do not configure this policy setting, the user has no default connection URL.Note: RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality.If you disable or do not configure this policy setting, Remote Desktop P
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting, you must specify if you would like RDP to use UDP.You can select one of the following options: "Use both UDP and TCP (default)", "Use only TCP" or "Use either UDP or TCP" If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.File Explorer displays thumbnail images by default. If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.File Explorer displays thumbnail images on network folders by default.If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
Turns off the caching of thumbnails in hidden thumbs.db files.This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
Turn off Tablet PC touch inputTurns off touch input, which allows the user to interact with their computer using their finger.If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.If you do not configure this setting, touch input is on by default.Note: Changes to this setting will not take effect until the user logs off.
Turn off Tablet PC touch inputTurns off touch input, which allows the user to interact with their computer using their finger.If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.If you do not configure this setting, touch input is on by default.Note: Changes to this setting will not take effect until the user logs off.
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.If you enable this setting, the user will not be able to pan windows by touch. If you disable this setting, the user can pan windows by touch.If you do not configure this setting, Touch Panning is on by default.Note: Changes to this setting will not take effect until the user logs off.
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.If you enable this setting, the user will not be able to pan windows by touch. If you disable this setting, the user can pan windows by touch.If you do not configure this setting, Touch Panning is on by default.Note: Changes to this setting will not take effect until the user logs off.
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of Trusted Platform Module (TPM) owner information. TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can only be run by the TPM owner. This hash authorizes the TPM to run these commands. If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. By enabling this policy setting, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS. Note: You must first set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. Consult online documentation for more information about setting up Active Directory Domain Services for TPM.Note: The TPM
This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none. If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM w
This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command, run "tpm.msc" and navigate to the "Command Management" section.If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting aga
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands.
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands. If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM. This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. The Standard User Lockout Threshold Individual value is the maximum number
This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. This value is the maximum number of authorization failu
This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. The Standard User Individual Lockout
This setting lets you prevent users from running the Backup Status and Configuration program, which links to the file backup, file restore, and Complete PC Backup applications, and shows backup status. If you enable this policy setting, users cannot start the Backup Status and Configuration program. If you disable or do not configure this policy setting, users can start the Backup Status and Configuration program.
This setting lets you prevent users from running the Backup Status and Configuration program, which links to the file backup, file restore, and Complete PC Backup applications, and shows backup status. If you enable this policy setting, users cannot start the Backup Status and Configuration program. If you disable or do not configure this policy setting, users can start the Backup Status and Configuration program.
This setting lets you prevent users from selecting a local disk (internal or external) for storing backups. If you enable this policy setting, users are prevented from selecting a local disk as a backup location. If you disable or do not configure this policy setting, users can select a local disk as a backup location.
This setting lets you prevent users from selecting a local disk (internal or external) for storing backups. If you enable this policy setting, users are prevented from selecting a local disk as a backup location. If you disable or do not configure this policy setting, users can select a local disk as a backup location.
This policy setting lets you prevent users from selecting a network location for storing backups. If you enable this policy setting, users are blocked from selecting a network location as a backup location. If disable or do not configure this policy setting, users can select a network location as a backup location.
This policy setting lets you prevent users from selecting a network location for storing backups. If you enable this policy setting, users are blocked from selecting a network location as a backup location. If disable or do not configure this policy setting, users can select a network location as a backup location.
This policy setting lets you prevent users from selecting optical media (CD/DVD) for storing backups. If you enable this policy setting, users are blocked from selecting optical media as a backup location. If you disable or do not configure this policy setting, users can select optical media as a backup location.
This policy setting lets you prevent users from selecting optical media (CD/DVD) for storing backups. If you enable this policy setting, users are blocked from selecting optical media as a backup location. If you disable or do not configure this policy setting, users can select optical media as a backup location.
This setting lets you disable the data file backup functionality. If you enable this policy setting, users cannot back up data files. If you disable or do not configure this policy setting, users can back up data files.
This setting lets you disable the data file backup functionality. If you enable this policy setting, users cannot back up data files. If you disable or do not configure this policy setting, users can back up data files.
This setting lets you disable file restore functionality. If you enable this policy setting, the file restore program is disabled. If you disable or do not configure this policy setting, the file restore program is enabled and users can restore files.
This setting lets you disable file restore functionality. If you enable this policy setting, the file restore program is disabled. If you disable or do not configure this policy setting, the file restore program is enabled and users can restore files.
This setting lets you disable the creation of system images. If you enable this policy setting, users cannot create system images. If you disable or do not configure this policy setting, users can create system images.
This setting lets you disable the creation of system images. If you enable this policy setting, users cannot create system images. If you disable or do not configure this policy setting, users can create system images.
This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.For the Windows XP Professional and Windows 2000 Professional operating systems, the default file permissions for the newly generated profile are full control, or read and write access for the user, and no file access for the administrators group.By configuring this policy setting, you can alter this behavior.If you enable this policy setting, the administrator group is also given full control to the user's profile folder.If you disable or do not configure this policy setting, only the user is given full control of their user profile, and the administrators group has no file system access to this folder.Note: If the policy setting is enabled after the profile is created, the policy setting has no effect.Note: The policy settin
This policy setting disables the more secure default setting for the user's roaming user profile folder.After an administrator has configured a user's roaming profile, the profile will be created at the user's next login. The profile is created at the location that is specified by the administrator.For Windows 2000 Professional pre-SP4 and Windows XP pre-SP1 operating systems, the default file permissions for the newly generated profile are full control access for the user and no file access for the administrators group. No checks are made for the correct permissions if the profile folder already exists. For Windows Server 2003 family, Windows 2000 Professional SP4 and Windows XP SP1, the default behavior is to check the folder for the correct permissions if the profile folder already exists, and not copy files to or from the roaming folder if the permissions are not correct.By configuring this policy setting, you can alter this behavior.If you enable this policy setting Windows will not check the permission
This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in Windows NT 4.0 and earlier. Along with %HOMEDRIVE%, these variables define the home directory of a user profile. The home directory is a persistent mapping of a drive letter on the local computer to a local or remote directory.If you enable this policy setting, the system uses the Windows NT 4.0 definitions. %HOMESHARE% stores only the network share (such as \\server\share). %HOMEPATH% stores the remainder of the fully qualified path to the home directory (such as \dir1\dir2\homedir). As a result, users can access any directory on the home share by using the home directory drive letter.If you disable or do not configure this policy setting, the system uses the definitions introduced with Windows 2000. %HOMESHARE% stores the fully qualified path to the home directory (such as \\server\share\dir1\dir2\homedir). Users can access the home directory and any of its subdirectories from the home driv
This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default, when users with roaming profiles log off, the system also saves a copy of their roaming profile on the hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load.If you enable this policy setting, any local copies of the user's roaming profile are deleted when the user logs off. The roaming profile still remains on the network server that stores it.If you disable or do not configure this policy setting, Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off.Important: Do not enable this policy setting if you are using the slow link detection feature. To respond to a slow link, the system r
This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link, the related policy settings in this folder tell the computer how to respond.If you enable this policy setting, the system does not detect slow connections or recognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles, and it ignores the policy settings that tell the system how to respond to a slow connection.If you disable this policy setting or do not configure it, slow link detection is enabled. The system measures the speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the "Slow network connection timeout for user profiles" policy setting), the system applies the other policy settings set in this folder to determine how to proceed. By defa
This policy setting provides users with the ability to download their roaming profile, even when a slow network connection with their roaming profile server is detected.If you enable this policy setting, users will be allowed to define whether they want their roaming profile to be downloaded when a slow link with their roaming profile server is detected.In operating systems earlier than Microsoft Windows Vista, a dialog box will be shown to the user during logon if a slow network connection is detected. The user then is able to choose to download the remote copy of the user profile. In Microsoft Windows Vista, a check box appears on the logon screen and the user must choose whether to download the remote user profile before Windows detects the network connection speed. If you disable or do not configure this policy setting, the system does not consult the user. Instead, the system uses the local copy of the user profile. If you have enabled the "Wait for remote user profile" policy setting, the system downl
This policy setting lets you exclude folders that are normally included in the user's profile. As a result, these folders do not need to be stored by the network server on which the profile resides and do not follow users to other computers.Note: When excluding content from the profile you should try to exclude the narrowest set of data that will address your needs. For example, if there is one application with data that should not be roamed then add only that application's specific folder under the AppData\Roaming folder rather than all of the AppData\Roaming folder to the exclusion list.By default, the Appdata\Local and Appdata\LocalLow folders and all their subfolders such as the History, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile.In operating systems earlier than Microsoft Windows Vista, only the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile by default.If you enable this policy setting, you can
This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.If you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine.If you disable or do not configure this policy setting, W
This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.If you disable this policy setting or do not configure it, the system does not limit the size of user profiles.If you enable this policy setting, you can:-- Set a maximum permitted user profile size.-- Determine whether the registry files are included in the calculation of the profile size.-- Determine whether users are notified when the profile exceeds the permitted maximum size.-- Specify a customized message notifying users of the oversized profile.-- Determine how often the customized message is displayed.Note: In operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Instead, if the user has a roaming user profile, Wi
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If they have already logged on to this computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is merged with the server copy of their profile.Using the setting, you can prevent users configured to use roaming profiles from receiving their profile on a specific computer.If you enable this setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile. If you disable this setting or do not configure it, the default behavior occurs, as indicated above.If you enable both the "Prevent Roaming Pr
This policy setting controls how long Windows waits for a user response before it uses a default user profile for roaming user profiles.The default user profile is applied when the user does not respond to messages explaining that any of the following events has occurred:-- The system detects a slow connection between the user's computer and the server that stores users' roaming user profiles.-- The system cannot access users' server-based profiles when users log on or off.-- Users' local profiles are newer than their server-based profiles.If you enable this policy setting, you can override the amount of time Windows waits for user input before using a default user profile for roaming user profiles. The default timeout value is 30 seconds. To use this policy setting, type the number of seconds Windows should wait for user input. The minumum value is 0 seconds, and the maximum is 600 seconds.If you disable or do not configure this policy setting, Windows waits 30 seconds for user input before applying the
This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from loggin on the user with a temporary profile.If you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded.If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile.Also, see the "Delete cached copies of roaming profiles" policy setting.
This policy setting determines how many times the system tries to unload and update the registry portion of a user profile. When the number of trials specified by this policy setting is exhausted, the system stops trying. As a result, the user profile might not be current, and local and roaming user profiles might not match.When a user logs off of the computer, the system unloads the user-specific section of the registry (HKEY_CURRENT_USER) into a file (NTUSER.DAT) and updates it. However, if another program or service is reading or editing the registry, the system cannot unload it. The system tries repeatedly (at a rate of once per second) to unload and update the registry settings. By default, the system repeats its periodic attempts 60 times (over the course of one minute).If you enable this policy setting, you can adjust the number of times the system tries to unload and update the user's registry settings. (You cannot adjust the retry rate.)If you disable this policy setting or do not configure it, the
This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default, when a user with a roaming profile logs on to a computer, the roaming profile is copied down to the local computer. If the user has logged on to the computer in the past, the roaming profile is merged with the local profile. Similarly, when the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile.Using this policy setting, you can prevent changes made to a roaming profile on a particular computer from being persisted.If you enable this policy setting, changes a user makes to their roaming profile aren't merged with the server (roaming) copy when the user logs off.If you disable or not configure this policy setting, the default behavior occurs, as indicated above.Note: This policy setting only affects roaming profile users.
This policy setting directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow. Also, the system waits for the remote copy when the user is notified about a slow connection, but does not respond in the time allowed.This policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load.If you enable this policy setting, the system waits for the remote copy of the roaming user profile to load, even when loading is slow.If you disable this policy setting or do not configure it, when a remote profile is slow to load, the system loads the local copy of the roaming user profile. The local copy is also used when the user is consulted (as set in the "Prompt user when slow link is detected" policy setting), but does not respond in the time allowed (as set in the "Timeout for dialog boxes" policy setting).Waiting for the remote profile is appropriate when users move between computers frequently
This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed. To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transfered. From that connection and data transfer, the network's latency and connection speed are determined.This policy setting and related policy settings in this folder together define the system's response when roaming user profiles are slow to load.If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow.If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days. If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.
This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection, to help resolve issues with applications that do not work well with Offline Files while the user is online.If you enable this policy setting, the network paths specified in this policy setting will be synchronized only by Offline Files during user logon and logoff, and will be taken offline while the user is logged on.If you disable or do not configure this policy setting, the paths specified in this policy setting will behave like any other cached data via Offline Files and continue to remain online while the user is logged on, if the network paths are accessible. Note: You should not use this policy setting to suspend any of the root redirected folders such as Appdata\Roaming, Start Menu, and Documents. You should suspend only the subfolders of these parent folders.
This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys. Note: This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize, such as with a wireless network.Note: Windows doesn't wait for the network if the physical network connection is not available on the computer (if the media is disconnected or the network adapter is not available).If you enable this policy setting, Windows waits for the network to become available up to the maximum wait time specified in this policy setting. Setting the value to zero causes Windows to proceed without waiting for the network.If you disable or do not configure this policy setting, Windows waits for the network for a maximum of 30 seconds.
This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting, type the path to the network share in the form \\Computername\Sharename\. It is recommended to use a path such as \\Computername\Sharename\%USERNAME% to give each user an individual profile folder. If not specified, all users logging onto this computer will use the same roaming profile folder as specified by this policy. You need to ensure that you have set the appropriate security on the folder to allow all users to access the profile.If you enable this policy setting, all users logging on this computer will use the roaming profile path specified in this policy.If you disable or do not configure this policy setting, users logging on this computer will use their local profile or standard roaming user profile.Note: There are four ways to configure a roaming profile for a user. Windows reads profile configuration in the followi
This policy setting sets the schedule for background uploading of a roaming user profile's registry file (ntuser.dat). This policy setting controls only the uploading of a roaming user profile's registry file (other user data and regular profiles are not be uploaded) and uploads it only if the user is logged on. This policy setting does not stop the roaming user profile's registry file from being uploaded at user logoff.If "Run at set interval" is chosen, then an interval must be set, with a value of 1-720 hours. Once set, Windows uploads the profile's registry file at the specified interval after the user logs on. For example, with a value of 6 hours, the registry file of the roaming user profile is uploaded to the server every six hours while the user is logged on.If "Run at specified time of day" is chosen, then a time of day must be specified. Once set, Windows uploads the registry file at the same time every day, as long as the user is logged on.For both scheduling options, there is a random one hour
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:"Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS."Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information pr
This policy setting controls on a per-computer basis whether roaming profiles are downloaded on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.If you enable this policy setting and the user has a roaming profile, the roaming profile is downloaded on the user's primary computer only.If you disable or do not configure this policy setting and the user has a roaming profile, the roaming profile is downloaded on every computer that the user logs on to.
This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.To use this policy setting, in the Location list, choose the location for the home folder. If you choose On the network, enter the path to a file share in the Path box (for example, \\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose On the local computer, enter a local path (for example, C:\HomeFolder) in the Path box.Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon.Note: The Drive letter box is ignored if you choose On the local computer from the Location list. If you choose On the local computer and enter a file share, the user's hom
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption recovery information. This provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information. This policy setting is only applicable to computers running Windows Server 2008 or Windows Vista.If you enable this policy setting, BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer. This policy setting is applied when you turn on BitLocker.Note: You might need to set up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. More information about setting up AD DS backup for BitLocker is available on Microsoft TechNet.BitLocker recovery information includes the recovery password and some unique identifier data. You can also include a package that contains a BitLocker-protected drive's encryption key. This key pack
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard can display and specify BitLocker recovery options. This policy is only applicable to computers running Windows Server 2008 or Windows Vista. This policy setting is applied when you turn on BitLocker.Two recovery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. The user either can type a 48-digit numerical recovery password or insert a USB flash drive containing a 256-bit recovery key.If you enable this policy setting, you can configure the options that the setup wizard displays to users for recovering BitLocker encrypted data. Saving to a USB flash drive will store the 48-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving to a folder will store the 48-digit recovery password as a text file. Printing will send the 48-digit recovery password to the default printer. For example, not allowing the 48-digit recovery pa
This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting, you can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in a folder. You can specify either a fully qualified path or include the target computer's environment variables in the path. If the path is not valid, the BitLocker setup wizard will display the computer's top-level folder view.If you disable or do not configure this policy setting, the BitLocker setup wizard will display the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.Note: This policy setting does not prevent the user from saving the recovery password in another folder.
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only applicable to computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7.If you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives.If you disable or do not configure this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only applicable to computers running Windows 8 and later. If you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)" policy setting, if it is set. If neither policy is set, BitLocker will use the default encryption method of AES 128
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performance but will increase the risk of exposing BitLocker secrets.If you disable or do not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.If you enable this policy setting, all new BitLocker startup PINs set will be enhanced PINs.Note: Not all computers may support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setup.If you disable or do not configure this policy setting, enhanced PINs will not be used.
This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enabled.Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.If you enable this policy setting, users can configure a password that meets the requirements you define. To enforce complexity requirements on the password, select "Require complexity".When set to "Require complexity" a connection to a domain controller is necessary when BitLocker is
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery.If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.If you disable this policy setting, platform validation data will not be refreshed when Windows is started following BitLocker recovery.If you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery.
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first.This policy setting is applied when you turn on BitLocker.If you enable this policy setting, standard users will not be allowed to change BitLocker PINs or passwords.If you disable or do not configure this policy setting, standard users will be permitted to change BitLocker PINs and passwords.
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier to BitLocker-protected drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected drives using the manage-bde command-line tool. An identification field is required for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured for the identification field.The a
This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute, but if one is configured for the certificate it must be set to an object identifier (OID) that matches the OID configured for BitLocker.If you enable this policy setting, the object identifier specified in the "Object identifier" box must match the object identifier in the smart card certificate.If you disable or do not configure this policy setting, a default object identifier is us
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation.If you enable this policy setting, you will be able to add additional settings, remove the default settings, or both.If you disable this policy setting, the computer will revert to a BCD profile similar to the default BCD profile used by Windows 7.If you do not configure this policy setting, the computer will verify the default Windows BCD settings. Note: When BitLocker is using Secure Boot for platform and Boot Configuration Data (BCD) integrity validation, as defined by the "Allow Secure Boot for integrity validation" group policy, the "Use enhanced Boot Configuration Data validation profile" group policy is ignored.The setting that controls boot debugging (0x16000010) will always be validated and will have no effect if it is included in the provided fields.
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.The "Allow certificate-based data recovery agent" check box is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker o
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on.If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard.If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. This policy setting is applied when you turn on BitLocker.Note: This policy is only applicable to computers running Windows Server 2008 or Windows Vista.On a computer with a compatible Trusted Platform Module (TPM), two authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can require users to insert a USB flash drive containing a startup key. It can also require users to enter a 4-digit to 20-digit startup personal identification number (PIN).A USB flash drive containing a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protected solely by the key material on this USB flash drive.If you enable this policy setting, the wizard will display the page to allow the user to configure advanced
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This policy setting is applied when you turn on BitLocker.Note: Only one of the additional authentication options can be required at startup, otherwise a policy error occurs.If you want to use BitLocker on a computer without a TPM, select the "Allow BitLocker without a compatible TPM" check box. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.On a computer with a compatible TPM, four types of authenticati
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy, clients configured with a BitLocker Network Unlock certificate will be able to create and use Network Key Protectors.To use a Network Key Protector to unlock the computer, both the computer and the BitLocker Drive Encryption Network Unlock server must be provisioned with a Network Unlock certificate. The Network Unlock certificate is used to create Network Key Protectors, and protects the information exchanged with the server to unlock the computer. You can use the group policy setting "Computer Configuration\Windows Settings\Security Settings\Public Key Policies\BitLocker Drive Encryption Network Unlock Certificate" on the domain controller to distribute this certificate to computers in
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive.If you disable or do not configure this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set o
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.Important: This group policy only applies to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Service Module (CSM) enabled. Computers using a native UEFI firmware configuration store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for native UEFI firmware configurations" group policy setting to configure the TPM PCR profile for computers using native UEFI firmware.If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLo
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.Important: This group policy only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a Compatibility Service Module (CSM) enabled store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for BIOS-based firmware configurations" group policy setting to configure the TPM PCR profile for computers with BIOS configurations or computers with UEFI firmware with a CSM enabled.If you enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.If you disable or do not configure this policy setting, users can configure a startup PIN of any length between 4 and 20 digits.
This policy setting allows you to manage BitLockers use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive.
This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates lack of pre-boot input capability.The Windows on-screen touch keyboard (such as used by slates) is not available in the pre-boot environment where BitLocker requires additional information such as a PIN or Password.It is recommended that administrators enable this policy only for devices that are verified to have an alternative means of pre-boot input (such as by attaching a USB keyboard).Note that if this option is not enabled, options in the "Require additional authentication at startup" policy may not be available on such devices. These options include:- Configure TPM startup PIN: Required/Allowed- Configure TPM startup key and PIN: Required/Allowed- Configure use of passwords for operating system drives.
This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives.Secure Boot ensures that the PC's pre-boot environment only loads firmware that is digitally signed by authorized software publishers. Secure Boot also provides more flexibility for managing pre-boot configuration than legacy BitLocker integrity checks.If you enable or do not configure this policy setting, BitLocker will use Secure Boot for platform integrity if the platform is capable of Secure Boot-based integrity validation.If you disable this policy setting, BitLocker will use legacy platform integrity validation, even on systems capable of Secure Boot-based integrity validation.When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the "Use enhanced Boot Configuration Data validation profile" group policy setting is ignored and Secure Boot verifies BCD settings according to the Secure Boot policy setting, w
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.The "Allow data recovery agent" check box is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enabled.Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.If you enable this policy setting, users can configure a password that meets the requirements you define. To require the use of a password, select "Require password for fixed data drive". To enforce complexity requirements on the password, select "Require complexity".When set to "Require complexity
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.If this policy setting is enabled or not configured, fixed data drives formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted fixed drives" check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified in the "Provide
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer.If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on fixed data drives" check box.Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected fixed data drives.If you do not configure this policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.
This policy setting allows you to manage BitLockers use of hardware-based encryption on fixed data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If har
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.The "Allow data recovery agent" check box is used to specify whether a data recovery agent can be used with BitLocker-protected removable data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.In "Configure user storage of BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you wil
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker.When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection.If you do not configure this policy setting, users can use BitLocker on removable disk drives.If you disable this policy setting, users cannot use BitLocker on removable disk drives.
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, enforce complexity requirements, and configure a minimum length. For the complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enabled.Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive.If you enable this policy setting, users can configure a password that meets the requirements that you define. To require the use of a password, select "Require password for removable data drive". To enforce complexity requirements on the password, select "Require complexity".When set to "Require complexity" a connection to a domain
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting.If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.Note: This policy setting can be overridden by the policy settings under User Configuration\Administr
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.If this policy setting is enabled or not configured, removable data drives formatted with the FAT file system can be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted removable drives" check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has the same identification field as specified
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer.If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on removable data drives" check box.Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive.If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives.If you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
This policy setting allows you to manage BitLockers use of hardware-based encryption on removable data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If
This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.If you enable this policy setting, you can specify the following Clock discipline, General and RODC parameters for this service.If you disable or do not configure this policy setting, Windows Time service uses the defaults of each of the following parameters.Several of the following values are scalar, which means that they only have meaning in relation to one another and are not defined by specific unit measurements.FrequencyCorrectRateThis parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Values that are too low can lead to overcorrection and instability. Values that are too high can lead to slow synchronization. Default: 4 (scalar).HoldPeriodThis parameter indicates how many potentially accurate time samples the client computer mus
This policy setting specifies a set of parameters for controlling the Windows NTP Client.If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.If you disable or do not configure this policy setting, the WIndows NTP Client uses the defaults of each of the following parameters.NtpServerThe Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". TypeThis value controls the authentication that W32time uses. The default value is NT5DS.CrossSiteSyncFlagsThis value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time cli
This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time. If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances: Automatic connection attempts - When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked. - When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked. Manual connection attempts - When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed. - When the computer
This policy setting prevents computers from establishing multiple simultaneous connections to either the Internet or to a Windows domain. By default, when this policy setting value is Not Configured, it is enabled. If this policy setting is enabled, when the computer has at least one active connection to the Internet, a new automatic connection attempt to the Internet is blocked. When the computer has at least one active connection to a Windows domain, a new automatic connection to the same Windows domain is also blocked. Additional manual connection attempts by users to the Internet or to a Windows domain are not blocked by this policy setting. In circumstances where there are multiple simultaneous connections to either the Internet or to a Windows domain, Windows disconnects the less preferred connection when the amount of network traffic over the less preferred connection drops below a certain threshold. For example, when a computer is connected to Internet using a Wi-Fi connection a
This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming provider network. If this policy setting is enabled, all automatic and manual connection attempts to roaming provider networks are blocked until the client registers with the home provider network. If this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broadband networks.
This policy setting specifies that power management is disabled when the machine enters connected standby mode. If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode. If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.If you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size.No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data will not be deleted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.If you enable this policy setting, you must select an execution level from the drop-down menu. If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.If you disable this policy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS.If you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings.This policy setting takes precedence over any scenario-specific policy settings when it is enabled or disabled. Scenario-
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.If you enable this setting, Windows Calendar will be turned off.If you disable or do not configure this setting, Windows Calendar will be turned on.The default is for Windows Calendar to be turned on.
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.If you enable this setting, Windows Calendar will be turned off.If you disable or do not configure this setting, Windows Calendar will be turned on.The default is for Windows Calendar to be turned on.
By default, Add features to Windows 8 is available for all administrators. If you enable this policy setting, the wizard will not run.If you disable this policy setting or set it to Not Configured, the wizard will run.
By default, Add features to Windows 8 is available for all administrators. If you enable this policy setting, the wizard will not run.If you disable this policy setting or set it to Not Configured, the wizard will run.
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting, machine administrator/backup operator can backup only volumes hosting OS components and no data only volumes can be backed up.If you disable or do not configure this policy setting, backups can include both system or data volumes.
This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to a locally attached storage or disk.If you disable or do not configure this policy setting, there is no restriction on locally attached storage or disk being backup target.
This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to a network share.If you disable or do not configure this policy setting, there is no restriction on network share being backup target.
This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run backups to an optical media.If you disable or do not configure this policy setting, there is no restriction on optical media being backup target.
This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run non-scheduled run-once backups.If you disable or do not configure this policy setting, there is no restriction on running run-once backups.
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives.Additional options are available to allow discovery and configuration over a specific medium. If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. If you disable this policy setting, operations are disabled over all media. If you do not configure this policy setting, operations are enabled over all media. The default for this policy setting allows operations over all media.
This policy setting checks for new signatures before running scheduled scans.If you enable this policy setting, the scheduled scan checks for new signatures before it scans the computer.If you disable or do not configure this policy setting, the scheduled scan begins without downloading new signatures.
This policy setting turns off Windows Defender.If you enable this policy setting, Windows Defender does not run, and computers are not scanned for malware or other potentially unwanted software.If you disable or do not configure this policy setting, by default Windows Defender runs and computers are scanned for malware and other potentially unwanted software.
This policy setting allows you to configure membership in Microsoft Active Protection Service.Microsoft Active Protection Service is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like the location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent.If you enable this policy setting, you can select how Windows Defender reports potential malware threats using the following options:No MembershipNo information will be sent to Microsoft. You won't be alerted if unclassified software is detected running on your computer.Basic MembershipSend basic information to Microsoft about software that Windows Defender detects, incl
This policy setting turns off real-time protection prompts for known malware detection.Windows Defender alerts you when malware or potentially unwanted software attempts to install itself or to run on your computer.If you enable this policy setting, Windows Defender will not prompt users to take actions on malware detections.If you disable or do not configure this policy setting, Windows Defender will prompt users to take actions on malware detections.
This policy setting allows you to configure whether Windows Defender automatically takes action on all detected threats. The action to be taken on a particular threat is determined by the combination of the policy-defined action, user-defined action, and the signature-defined action.If you enable this policy setting, Windows Defender does not automatically take action on the detected threats, but prompts users to choose from the actions available for each threat.If you disable or do not configure this policy setting, Windows Defender automatically takes action on all detected threats after a nonconfigurable delay of approximately ten minutes.
Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs.If you enable this policy setting, the Back button is removed from the standard Open dialog box.If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box.To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open.Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting.
Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box.This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2
Removes the shortcut bar from the Open dialog box.This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs.To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open.Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.The valid items you may display in the Places Bar are:1) Shortcuts to a local folders -- (ex. C:\Windows)2) Shortcuts to remote folders -- (\\server\share)3) FTP folders 4) web folders 5) Common Shell folders.The list of Common Shell Folders that may be specified:Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style.
This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior.If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features. Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options.If you disable or not configure this policy, the default File Explorer behavior is applied to the user.Note: In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled.Also, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Deskt
Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user.If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs.
This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine.A shell extension only runs if there is an entry in at least one of the following locations in registry.For shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.
This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server.If you enable this policy setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path.If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path.
"This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu.The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened.If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting.If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents."
This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting, thumbnail views are not cached.If you disable or do not configure this policy setting, thumbnail views are cached.Note: For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed.If you disable or do not configure this policy setting, users are able to use the File Explorer CD burning features.Note: This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists.If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users.Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users.If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel.
Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel.When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT.Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer.This policy setting does not prevent users from using other methods to configure DFS.If you disable or do not configure this policy setting, the DFS tab is available.
This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.If you enable this policy setting, select a drive or combination of drives in the drop-down list.Note: This policy setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window.Also, this policy setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down
Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations.If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option.This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box.To remove computers in the user's workgroup or domain from lists of network resources, use the "No Computers Near Me in Network Locations" setting.Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings.If you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they will not be able to open Folder Options.If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon.
Removes the Hardware tab.This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device.
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools.This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management.Tip: To hide all context menus, use the "Remove File Explorer's default context menu" setting.
This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed.If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer.If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup.Note: The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional.
Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons.This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.Note:This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior.If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted.If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin.
Prevents users from submitting alternate logon credentials to install a program.This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.Many programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.If you disable this setting or do not configure it
Removes the Security tab from File Explorer.If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question.If you disable or do not configure this setting, users will be able to access the security tab.
This policy setting allows you to remove the Search button from the File Explorer toolbar.If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations.Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window.If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar.This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting.
Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus.
Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.To use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restrict drives" option from the drop-down list.Note: The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action. Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics.Also, see the "Hide these specif
Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer. By using this setting, you can disable these Windows+X shortcut keys.If you enable this setting, the Windows+X shortcut keys are unavailable.If you disable or do not configure this setting, the Windows+X shortcut keys are available.
This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations.If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser.If you disable or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations.This policy setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box.To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
Prompts users for alternate logon credentials during network-based installations.This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection.If you disable this setting or do not configure it, this dialog box appears only when users are installing programs from local media.The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials.If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly.Note: If it is e
Limits the percentage of a volume's disk space that can be used to store deleted files.If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation.If you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin.Note: This setting is applied to all volumes.
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.
If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window.If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms.If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window.
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}).You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See m
This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file.You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links.The first several links will
This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths.If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted. If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different.Note: If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.
This policy setting allows you to specify a list of known folders that should be disabled. Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder.You can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos.Note: Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder.
This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting, File Explorer will not display snippets in Content view mode.If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default.
This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.Setting this policy will: * Disable all Arrangement views except for "By Folder" * Disable all Search filter suggestions other than "Date Modified" and "Size" * Disable view of file content snippets in Content mode when search results are returned * Disable ability to stack in the Context menu and Column headers * Exclude Libraries from the scope of Start searchThis policy will not enable users to add unsupported locations to Libraries.If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled.If you disable or do not configure this policy, all default Windows Libraries features will be enabled.
Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. This behavior is consistent with Windows Vista's behavior in this scenario.This disables access to user-defined properties, and properties stored in NTFS secondary streams.
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. This behavior is consistent with Windows Vista's behavior in this scenario.This disables access to user-defined properties, and properties stored in NTFS secondary streams.
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3).If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors.If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors.If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors.
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.If you enable this policy setting,
This policy setting allows you to specify a location where all default Library definition files for users/machines reside.If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.
This policy setting allows you to specify a location where all default Library definition files for users/machines reside.If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined.If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files.
This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.If you enable this policy setting, Windows SmartScreen behavior may be controlled by setting one of the following options: Require approval from an administrator before running downloaded unknown software Give user a warning before running downloaded unknown software Turn off SmartScreenIf you disable or do not configure this policy setting, Windows SmartScreen behavior is managed by administrators on the PC by using Windows SmartScreen Settings in Action Center.Options: Require approval from an administrator before running downloaded unknown software Give user a warning before running downloaded unknown software Turn off SmartScreen
Shows or hides lock from the user tile menu. If you enable this policy setting, the lock option will be shown in the User Tile menu.If you disable this policy setting, the lock option will never be shown in the User Tile menu.If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel.
Shows or hides sleep from the power options menu. If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).If you disable this policy setting, the sleep option will never be shown in the Power Options menu.If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel.
Shows or hides hibernate from the power options menu. If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware).If you disable this policy setting, the hibernate option will never be shown in the Power Options menu.If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel.
This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:)If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked.
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows.
This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool. For example:Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt For more information, refer to the DISM documentation on TechNet.If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time. If the group policy is not configured, disabled, or the client machine is not domain-joined, no default associations will be applied at logon time. If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations.
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons.If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths.If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed.Note: Allowing the use of remote paths in file shortcut icons can expose users computers to security risks.
This policy setting specifies an alternate location for the Windows File Protection cache.If you enable this policy setting, enter the fully qualified local path to the new location in the "Cache file path" box.If you disable this setting or do not configure it, the Windows File Protection cache is located in the %Systemroot%\System32\Dllcache directory.Note: Do not put the cache on a network shared directory.
This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache.Windows File Protection adds protected files to the cache until the cache content reaches the quota. If the quota is greater than 50 MB, Windows File Protection adds other important Windows XP files to the cache until the cache size reaches the quota.If you enable this policy setting, enter the maximum amount of disk space to be used (in MB). To indicate that the cache size is unlimited, select "4294967295" as the maximum amount of disk space.If you disable this policy setting or do not configure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.
This policy setting allows you to set when Windows File Protection scans protected files. This policy setting directs Windows File Protection to enumerate and scan all system files for changes.If you enable this policy setting, select a rate from the "Scanning Frequency" box. You can use this setting to direct Windows File Protection to scan files more often.-- "Do not scan during startup," the default, scans files only during setup.-- "Scan during startup" also scans files each time you start Windows XP. This setting delays each startup.If you disable or do not configure this policy setting, by default, files are scanned only during setup.Note: This policy setting affects file scanning only. It does not affect the standard background file change detection that Windows File Protection provides.
This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it might confuse novices.If you enable this policy setting, the file scan window does not appear during file scanning.If you disable or do not configure this policy setting, the file scan progress window appears.
Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting, you must type a security descriptor containing a list of computers or groups of computers. If a computer on that list authenticates using IPsec, Windows Firewall does not block its unsolicited messages. This policy setting overrides other policy settings that would block those messages.If you disable or do not configure this policy setting, Windows Firewall makes no exception for messages sent by computers that authenticate using IPsec. If you enable this policy setting and add systems to the list, upon disabling this policy, Windows Firewall deletes the list.Note: You define entries in this list by using Security Descriptor Definition Language (SDDL) strings. For more information about the SDDL format, see the Windows Firewall deployment information at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=25131).
Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.If you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port is blocked by another policy setting, such as the "Windows Firewall: Define inbound port exceptions" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remo
Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list.If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
Turns on Windows Firewall.If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it.If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.
Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting, in the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is selected and administrators cannot clear it. You should also enable the "Windows Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can work around the "Windows Firewall: Do not allow exceptions" policy setting by turning off the firewall.If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Fi
Allows inbound file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall does not open these ports.
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the "Allow inbound echo request" message type, Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.If you enable this policy setting, you must specify which ICMP message types Windows Firewall allows this computer to send or receive.If you disable this policy setting, Windows Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Firewall deletes the list of message types that you had en
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives.If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log successful incoming messages.If you are configuring the log file name, ensure that the Windows Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.If you disable this policy setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log file and adds information, then upon disablin
Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting, Windows Firewall prevents the display of these notifications.If you disable this policy setting, Windows Firewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" check box is selected and administrators cannot clear it.If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" check box is selected by default, and administrators can change it.
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.If you enable this policy setting, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: Allow local port exceptions" policy s
Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local port exceptions list.If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to SVCHOST.EXE and LSASS.EXE.If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.If you
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389.If you enable this policy setting, Windows Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unles
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Firewall blocks the unicast responses sent by those other computers.If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses.Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and UDP port 1900.If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows F
Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.If you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port is blocked by another policy setting, such as the "Windows Firewall: Define inbound port exceptions" policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remo
Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list.If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
Turns on Windows Firewall.If you enable this policy setting, Windows Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting.If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it.If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides.
Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting, in the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is selected and administrators cannot clear it. You should also enable the "Windows Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can work around the "Windows Firewall: Do not allow exceptions" policy setting by turning off the firewall.If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Fi
Allows inbound file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall does not open these ports.
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the "Allow inbound echo request" message type, Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.If you enable this policy setting, you must specify which ICMP message types Windows Firewall allows this computer to send or receive.If you disable this policy setting, Windows Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Firewall deletes the list of message types that you had en
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives.If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log successful incoming messages.If you are configuring the log file name, ensure that the Windows Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.If you disable this policy setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log file and adds information, then upon disablin
Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting, Windows Firewall prevents the display of these notifications.If you disable this policy setting, Windows Firewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" check box is selected and administrators cannot clear it.If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Windows Firewall component of Control Panel, the "Notify me when Windows Firewall blocks a new program" check box is selected by default, and administrators can change it.
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.If you enable this policy setting, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows Firewall: Allow local port exceptions" policy s
Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local port exceptions list.If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security to specify that local firewall rules should not apply.
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control connections to SVCHOST.EXE and LSASS.EXE.If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.If you
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389.If you enable this policy setting, Windows Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unles
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Firewall blocks the unicast responses sent by those other computers.If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses.Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts.
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and UDP port 1900.If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is selected and administrators cannot clear it.If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firewall component of Control Panel, the "UPnP framework" check box is cleared and administrators cannot select it.If you do not configure this policy setting, Windows F
Denies or allows access to the Windows Mail application.If you enable this setting, access to the Windows Mail application is denied.If you disable or do not configure this setting, access to the Windows Mail application is allowed.
Denies or allows access to the Windows Mail application.If you enable this setting, access to the Windows Mail application is denied.If you disable or do not configure this setting, access to the Windows Mail application is allowed.
Windows Mail will not check your newsgroup servers for Communities support.
Windows Mail will not check your newsgroup servers for Communities support.
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player.This policy setting prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the options can be configured by using other Windows Media Player group policies.If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.If you disable or do not configure this policy setting, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window are not available.
This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available.If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoothing check box is selected and is not available.If you do not configure this policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box.Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available.If you disable or do not configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check box.
This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature.If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available.If you disable or do not configure this policy setting, users can change the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.
This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar.If you disable or do not configure this policy setting, the user can choose whether to add the shortcut for the Player to the Quick Launch bar.
This policy setting allows you to prevent radio station presets from being retrieved from the Internet.If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed.If you disable or do not configure this policy setting, the Player automatically retrieves radio station presets from the Internet.
This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting, users cannot add the Player shortcut icon to their desktops.If you disable or do not configure this policy setting, users can choose whether to add the Player shortcut icon to their desktops.
This policy setting allows a screen saver to interrupt playback.If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available.If you disable this policy setting, a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is cleared and is not available.If you do not configure this policy setting, users can change the setting for the Allow screen saver during playback check box.
This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not available.If you do not configure this policy setting, users can change the setting for the Download codecs automatically check box.
Prevents the anchor window from being displayed when Windows Media Player is in skin mode.This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player.When this policy is not configured and the Set and Lock Skin policy is enabled, some options in the anchor window are not available.
This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled.The default privacy settings are used for the options on the Privacy tab unless the user changed the settings previously.If you disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured by other polices.
This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies.If you disable or do not configure this policy setting, users can configure the security settings on the Security tab.
This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.You must use the complete file name for the skin (for example, skin_name.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank.A user has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot choose a different skin.If you disable or do not configure this policy setting, users can display the Player in full or skin mode and have access to all available features of the Player.
This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.- Use browser proxy settings: browser's proxy settings are used.If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected.The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected.If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the HTTP proxy.If you do not configure this poli
This policy setting allows you to specify the MMS proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is not selected.If you disable this policy setting, the MMS proxy server cannot be used and users cannot configure the MMS proxy settings.If you do not configure this policy setting, users can configure the MMS proxy settings.
This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.If you enable this policy setting, select one of the following proxy types:- Autodetect: the proxy settings are automatically detected.- Custom: unique proxy settings are used.If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect is selected.The Configure button on the Network tab in the Player is not available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP proxy settings.If you do not configure this policy setting, users can configure the RTSP proxy settings.
This policy setting allows you to hide the Network tab.If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.If you disable or do not configure this policy setting, the Network tab appears and users can use it to configure network settings.
This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.- Custom: the number of seconds, up to 60, that streaming media is buffered.- Default: default network buffering is used and the number of seconds that is specified is ignored.The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available.If you disable or do not configure this policy setting, users can change the buffering options on the Performance tab.
This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected.If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL from a Windows Media server. If the "Hide network t
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Windows Messenger is not loaded automatically when a user logs on.If you disable or do not configure this policy setting, Windows Messenger will be loaded automatically at logon.Note: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.The user can also configure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface.Note: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting.Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Windows Messenger is not loaded automatically when a user logs on.If you disable or do not configure this policy setting, Windows Messenger will be loaded automatically at logon.Note: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.The user can also configure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface.Note: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting.Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting, Windows Messenger does not run.If you disable or do not configure this policy setting, Windows Messenger can be used.Note: If you enable this policy setting, Remote Assistance also cannot use Windows Messenger.Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting, Windows Messenger does not run.If you disable or do not configure this policy setting, Windows Messenger can be used.Note: If you enable this policy setting, Remote Assistance also cannot use Windows Messenger.Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting, the WinRM client uses Basic authentication. If WinRM is configured to use HTTP transport, the user name and password are sent over the network as clear text.If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting, the WinRM client does not use Digest authentication.If you disable or do not configure this policy setting, the WinRM client uses Digest authentication.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting, the WinRM client does not use Negotiate authentication.If you disable or do not configure this policy setting, the WinRM client uses Negotiate authentication.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting, the WinRM client uses CredSSP authentication.If you disable or do not configure this policy setting, the WinRM client does not use CredSSP authentication.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity.If you enable this policy setting, the WinRM client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the identity of the host.If you disable or do not configure this policy setting and the WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port.If you enable this policy setting, the WinRM service automatically listens on the network for requests on the HTTP transport over the default HTTP port.To allow WinRM service to receive requests over the network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP).If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardless of whether or not any WinRM listeners are configured.The service listens on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addresses on the computer and uses only addresses that fall wit
This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. If you enable this policy setting, the HTTP listener always appears. If you disable or do not configure this policy setting, the HTTP listener never appears. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. A listener might be automatically created on port 80 to ensure backward compatibility.
This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. If you enable this policy setting, the HTTPS listener always appears. If you disable or do not configure this policy setting, the HTTPS listener never appears. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. A listener might be automatically created on port 443 to ensure backward compatibility.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. If you enable this policy setting, the WinRM service accepts Basic authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service does not accept Basic authentication from a remote client.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.If you disable or do not configure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on this computer.If you disable or do not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword value will be stored securely.If you enable and then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate authentication from a remote client. If you enable this policy setting, the WinRM service does not accept Negotiate authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network. If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client. If you enable this policy setting, the WinRM service accepts CredSSP authentication from a remote client. If you disable or do not configure this policy setting, the WinRM service does not accept CredSSP authentication from a remote client.
This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting, the WinRM service uses the level specified in HardeningLevel to determine whether or not to accept a received request, based on a supplied channel binding token. If you disable or do not configure this policy setting, you can configure the hardening level locally on each computer. If HardeningLevel is set to Strict, any request not containing a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value), any request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).
This policy setting configures access to remote shells.If you enable this policy setting and set it to False, new remote shell connections are rejected by the server.If you disable or do not configure this policy setting, new remote shell connections are allowed.
This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.If you enable this policy setting, the server will wait for the specified amount of time since the last received message from the client before terminating the open shell.If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.The value can be any number from 1 to 100.If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.If you disable or do not configure this policy setting, the default number is five users.
This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes.Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, which means the ability of remote operations to allocate memory is only limited by the available virtual memory.If you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota.If you disable or do not configure this policy setting, the value 150 is used by default.
This policy setting configures the maximum number of processes a remote shell is allowed to launch.If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.If you disable or do not configure this policy setting, the limit is five processes per shell.
This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells.If you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit.If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.
This setting controls automatic updates to a user's computer.Whenever a user connects to the Internet, Windows searches for updates available for the software and hardware on their computer and automatically downloads them. This happens in the background, and the user is prompted when downloaded components are ready to be installed, or prior to downloading, depending on their configuration.If you enable this setting, it prohibits Windows from searching for updates.If you disable or do not configure it, Windows searches for updates and automatically downloads them.Note: Windows Update is an online catalog customized for your computer that consists of items such as drivers, critical updates, Help files, and Internet products that you can download to keep your computer up to date.Also, see the "Remove links and access to Windows Update" setting. If the "Remove links and access to Windows Update" setting is enabled, the links to Windows Update on the Start menu are also removed.Note: If you have installed Window
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box.If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option in the Start menu.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box.If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option in the Start menu.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog.If you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.Note that this policy setting has no impact if the User Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog.If you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.Note that this policy setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.
This setting allows you to remove access to Windows Update.If you enable this setting, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update Web site.If enabled you can configure one of the following notification options:0 = Do not show any notificationsThis setting will remove all access to Windows Update features and no notifications will be shown.1 = Show restart required notificationsThis setting will show notifications about restarts that are required to complete an installation.On Windows 8 and Windows RT, if this policy is Enabled, then only notifications related to rest
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting: 2 = Notify before downloading any updates and notify again before installing them. When Windows finds updates that apply to this computer, an icon appears in the status area with a message that updates are ready to be downloaded. Clicking the icon or message provides the option to select the specific updates to download. Windows then downloads the selected updates in the background. When the download is complete, the icon appears in the status area again, with a notification that the updates are ready to be installed. Clicking the icon or message provides the option to select which updates to install. 3 = (Default setting) Download the updates automatically
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.To use this setting, you must set two servername values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.If the status is set to Enabled, the Automatic Updates client connects to the specified intranet Microsoft update service, instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates before deploying them.If the status is set to Disabled or No
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent of the hours specified. For example, if this policy is used to specify a 20 hour detection frequency, then all clients to which this policy is applied will check for updates anywhere between 16 and 20 hours.If the status is set to Enabled, Windows will check for available updates at the specified interval.If the status is set to Disabled or Not Configured, Windows will check for available updates at the default interval of 22 hours.Note: The "Specify intranet Microsoft update service location" setting must be enabled for this policy to have effect.Note: If the "Configure Automatic Updates" policy is disabled, this policy has no effect.Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting, Windows Automatic Update and Microsoft Update will include non-administrators when determining which logged-on user should receive update notifications. Non-administrative users will be able to install all optional, recommended, and important content for which they received a notification. Users will not see a User Account Control window and do not need elevated permissions to install these updates, except in the case of updates that contain User Interface , End User License Agreement , or Windows Update setting changes.There are two situations where the effect of this setting depends on the operating system: Hide/Restore updates, and Cancel an install.On XP: If you enable this policy setting, users will not see a User Account Control window and do not need elevated permissions to do either of these upda
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install.If the status is set to Disabled, such updates will not be installed immediately.Note: If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled, Automatic Updates will install recommended updates as well as important updates from Windows Update update service.When disabled or not configured Automatic Updates will continue to deliver important updates if it is already configured to do so.
This policy setting allows you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promote the installation and use of optional software. This policy setting is intended for use in loosely managed environments in which you allow the end user access to the Microsoft Update service.If you enable this policy setting, a notification message will appear on the user's computer when featured software is available. The user can click the notification to open the Windows Update Application and get more information about the software or install it. The user can also click "Close this message" or "Show me later" to defer the notification as appropriate.In Windows 7, this policy setting will only control detailed notifications for optional applications. In Windows Vista, this policy setting controls detailed notifications for optional applications and updates.If you disable or do not configure
Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the system from hibernation, if there are updates scheduled for installation.Windows Update will only automatically wake up the system if Windows Update is configured to install updates automatically. If the system is in hibernation when the scheduled install time occurs and there are updates to be applied, then Windows Update will use the Windows Power management features to automatically wake the system up to install the updates.Windows update will also wake the system up and install an update if an install deadline occurs.The system will not wake unless there are updates to be installed. If the system is on battery power, when Windows Update wakes it up, it will not install updates and the system will automatically return to hibernation in 2 minutes.
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer.Be aware that the computer needs to be restarted for the updates to take effect.If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the previous prompt for restart was postponed. If the status is set to Disabled or Not Configured, the default interval is 10 minutes. Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect. This policy has no effect on Windows RT
Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart.If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after the installation is finished.If the status is set to Disabled or Not Configured, the default wait time is 15 minutes.Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously.If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes after the computer is next started.If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation.If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is next started.Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service.If the status is set to Enabled, the specified target group information is sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to this computer.If the intranet Microsoft update service supports multiple target groups this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified.If the status is set to Disabled or Not Configured, no target group information will be sent to the intranet Microsoft update service.Note: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to support client-side targeting. If the "Specify intranet Microsoft update service location" policy is disabled or not configured, this policy has no effect.Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows R
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft.Note: Updates from a service other than an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting.Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting, the system does not create the named pipe remote shutdown interface.If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled.If you disable or do not configure this policy setting, the local setting is used.
This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level, if you enable this setting, a message appears after the user logs on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows desktop.For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this policy setting if the domain is not at the Windows Server 200
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user is notified before logon hours expire, if actions have been set to occur when the logon hours expire.If you enable this setting, warnings are not displayed to the user before the logon hours expire.If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have been set to occur when the logon hours expire.Note: If you configure this setting, you might want to examine and appropriately configure the Set action to take when logon hours expire setting. If Set action to take when logon hours expire is disabled or not configured, the Remove logon hours expiration warnings setting will have no effect, and users receive no warnings about logon hour expiration
This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation, disconnect the user, or log the user off completely.If you choose to lock or disconnect a session, the user cannot unlock the session or reconnect except during permitted logon hours.If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log off a user, the user might lose unsaved data.If you enable this setting, the system will perform the action you specify when the users logon hours expire.If you disable or do not configure this setting, the system takes no action when the users logon hours expire. The user can continue the existing session, but cannot log on to a new session.Note: If you configure this setting, you might want to examine and appropriately configure the Remove logon hours expiration warnings setting
This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting, you have one of four options:If you set this policy setting to "None," user mode software cannot simulate the SAS.If you set this policy setting to "Services," services can simulate the SAS.If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS.If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applications can simulate the SAS.If you disable or do not configure this setting, only Ease of Access applications running on the secure desktop can simulate the SAS.
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.If disabled or not configured, no popup will be displayed to the user.
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information.If enabled, a notification popup will be displayed to the user when the user logs on with cached credentials.If disabled or not configured, no popup will be displayed to the user.
Specifies an alternate user interface.The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, but you can use this setting to specify an alternate interface. If you enable this setting, the system starts the interface you specify instead of Explorer.exe.To use this setting, copy your interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer interface.Tip: To find the folders indicated by the Path environment variable, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variables box, click Path.
This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically terminated during shutdown.If you disable or do not configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly.
Denies or allows access to the Store application.If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.If you disable or do not configure this setting, access to the Store application is allowed.
Denies or allows access to the Store application.If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.If you disable or do not configure this setting, access to the Store application is allowed.
Allows or denies access to the Store application on Windows To Go workspaces.If you enable this setting, access to the Store application is allowed on the Windows To Go workspace. Only enable this policy when the Windows To Go workspace will only be used with a single PC. Using it with multiple PCs is not supported.If you disable or do not configure this setting, access to the Store application is denied on the Windows To Go workspace.
Enables or disables the automatic download of updates.If you enable this setting, automatic download of updates is turned off.If you disable or do not configure this setting, automatic download of updates is turned on.
This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis.If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
Set up the menu name and URL for the custom Internet search provider.If you enable this setting, the specified menu name and URL will be used for Internet searches.If you disable or not configure this setting, the default Internet search provider will be used.
This policy setting turns off tile notifications. If you enable this policy setting, applications and system features will not be able to update their tiles and tile badges in the Start screen. If you disable or do not configure this policy setting, tile and badge notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect.
This policy setting turns off toast notifications for applications. If you enable this policy setting, applications will not be able to raise toast notifications. Note that this policy does not affect taskbar notification balloons. Note that Windows system features are not affected by this policy. You must enable/disable system features individually to stop their ability to raise toast notifications. If you disable or do not configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect.
This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can be turned off by the administrator or user. No reboots or service restarts are required for this policy setting to take effect.
This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to poll application services to update tiles. If you enable this policy setting, applications and system features will not be able receive notifications from the network from WNS or via notification polling APIs. If you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the application. If you disable or do not configure this policy setting, the client computer will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background. No reboots or service restarts are required for this policy setting to take effect.
This policy setting configures the cost of 3G connections on the local machine.If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis.If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default.
This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is costed on a per byte basis.If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
Reboot Required Logoff Required Active Directory Schema or Domain Requirements
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No Yes None
No Yes None
No Yes None
No Yes None
Yes No None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No Yes None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No Yes None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No Yes
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No Yes
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No Yes None
No Yes None
No No None
No No None
No No Yes
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No Yes
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
Yes No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
Yes No None
No No None
No No None
No No None
No No None
No Yes None
No No None
No Yes None
No Yes None
No Yes None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
No No None
Status Policy Path
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\Security Options
New
New
New
New
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Computer Configuration\Windows Settings\Security Settings\System Services
Computer Configuration\Windows Settings\Security Settings\Registry
Computer Configuration\Windows Settings\Security Settings\File System
Policy Name Supported On
Enforce password history At least Windows XP SP2, Windows Server 2003
Maximum password age At least Windows XP SP2, Windows Server 2003
Minimum password age At least Windows XP SP2, Windows Server 2003
Minimum password length At least Windows XP SP2, Windows Server 2003
Password must meet complexity requirement At least Windows XP SP2, Windows Server 2003
Store passwords using reversible encryption for all users in the domain At least Windows XP SP2, Windows Server 2003
Account lockout duration At least Windows XP SP2, Windows Server 2003
Account lockout threshold At least Windows XP SP2, Windows Server 2003
Reset lockout counter after At least Windows XP SP2, Windows Server 2003
Enforce user logon restrictions At least Windows XP SP2, Windows Server 2003
Maximum lifetime for service ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket renewal At least Windows XP SP2, Windows Server 2003
Maximum tolerance for computer clock synchronization At least Windows XP SP2, Windows Server 2003
Audit account logon events At least Windows XP SP2, Windows Server 2003
Audit account management At least Windows XP SP2, Windows Server 2003
Audit directory service access At least Windows XP SP2, Windows Server 2003
Audit logon events At least Windows XP SP2, Windows Server 2003
Audit object access At least Windows XP SP2, Windows Server 2003
Audit policy change At least Windows XP SP2, Windows Server 2003
Audit privilege use At least Windows XP SP2, Windows Server 2003
Audit process tracking At least Windows XP SP2, Windows Server 2003
Audit system events At least Windows XP SP2, Windows Server 2003
Access this computer from the network At least Windows XP SP2, Windows Server 2003
Access Credential Manager as a trusted caller At least Windows Vista, Windows Server 2008
Act as part of the operating system At least Windows XP SP2, Windows Server 2003
Add workstations to a domain At least Windows XP SP2, Windows Server 2003
Adjust memory quotas for a process At least Windows XP SP2, Windows Server 2003
Allow log on locally At least Windows XP SP2, Windows Server 2003
Allow log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Backup files and directories At least Windows XP SP2, Windows Server 2003
Bypass traverse checking At least Windows XP SP2, Windows Server 2003
Change the system time At least Windows XP SP2, Windows Server 2003
Change the time zone At least Windows Vista, Windows Server 2008
Create a pagefile At least Windows XP SP2, Windows Server 2003
Create a token object At least Windows XP SP2, Windows Server 2003
Create global objects At least Windows XP SP2, Windows Server 2003
Create permanent shared objects At least Windows XP SP2, Windows Server 2003
Create Symbolic Links At least Windows Vista, Windows Server 2008
Debug programs At least Windows XP SP2, Windows Server 2003
Deny access to this computer from the network At least Windows XP SP2, Windows Server 2003
Deny log on as a batch job At least Windows XP SP2, Windows Server 2003
Deny log on as a service At least Windows XP SP2, Windows Server 2003
Deny log on locally At least Windows XP SP2, Windows Server 2003
Deny log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Enable computer and user accounts to be trusted for delegation At least Windows XP SP2, Windows Server 2003
Force shutdown from a remote system At least Windows XP SP2, Windows Server 2003
Generate security audits At least Windows XP SP2, Windows Server 2003
Impersonate a client after authentication At least Windows XP SP2, Windows Server 2003
Increase a process working set At least Windows Vista, Windows Server 2008
Increase scheduling priority At least Windows XP SP2, Windows Server 2003
Load and unload device drivers At least Windows XP SP2, Windows Server 2003
Lock pages in memory At least Windows XP SP2, Windows Server 2003
Log on as a batch job At least Windows XP SP2, Windows Server 2003
Log on as a service At least Windows XP SP2, Windows Server 2003
Log on locally Only Windows XP SP2
Manage auditing and security log At least Windows XP SP2, Windows Server 2003
Modify an object label At least Windows Vista, Windows Server 2008
Modify firmware environment values At least Windows XP SP2, Windows Server 2003
Perform volume maintenance tasks At least Windows XP SP2, Windows Server 2003
Profile single process At least Windows XP SP2, Windows Server 2003
Profile system performance At least Windows XP SP2, Windows Server 2003
Remove computer from docking station At least Windows XP SP2, Windows Server 2003
Replace a process level token At least Windows XP SP2, Windows Server 2003
Restore files and directories At least Windows XP SP2, Windows Server 2003
Shut down the system At least Windows XP SP2, Windows Server 2003
Synchronize directory service data At least Windows XP SP2, Windows Server 2003
Take ownership of files or other objects At least Windows XP SP2, Windows Server 2003
Accounts: Administrator account status Windows XP SP2, Windows Server 2003
Accounts: Block Microsoft accounts Windows 8, Windows Server 2012
Accounts: Guest account status At least Windows XP SP2, Windows Server 2003
Accounts: Limit local account use of blank passwords to console logon only At least Windows XP SP2, Windows Server 2003
Accounts: Rename administrator account At least Windows XP SP2, Windows Server 2003
Accounts: Rename guest account At least Windows XP SP2, Windows Server 2003
Audit: Audit the accesss of global system objects At least Windows XP SP2, Windows Server 2003
Audit: Audit the use of Backup and Restore privilege At least Windows XP SP2, Windows Server 2003
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings At least Windows Vista, Windows Server 2008
Audit: Shut down system immediately if unable to log security audits At least Windows XP SP2, Windows Server 2003
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003
Devices: Allow undock without having to log on At least Windows XP SP2, Windows Server 2003
Devices: Allowed to format and eject removable media At least Windows XP SP2, Windows Server 2003
Devices: Prevent users from installing printer drivers At least Windows XP SP2, Windows Server 2003
Devices: Restrict CD-ROM access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Restrict floppy access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Unsigned driver installation behavior Only Windows XP SP2, Windows Server 2003
Domain controller: Allow server operators to schedule tasks At least Windows XP SP2, Windows Server 2003
Domain controller: LDAP server signing requirements At least Windows XP SP2, Windows Server 2003
Domain controller: Refuse machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt or sign secure channel data (always) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally sign secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Disable machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Maximum machine account password age At least Windows XP SP2, Windows Server 2003
Domain member: Require strong (Windows 2000 or later) session key At least Windows XP SP2, Windows Server 2003
Interactive logon: Do not display last user name At least Windows XP SP2, Windows Server 2003
Interactive Logon: Display user information when session is locked At least Windows Vista, Windows Server 2008
Interactive logon: Do not require CTRL+ALT+DEL At least Windows XP SP2, Windows Server 2003
Interactive logon: Machine account lockout threshold Windows 8, Windows Server 2012
Interactive logon: Machine inactivity limit Windows 8, Windows Server 2012
Interactive logon: Message text for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Message title for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Number of previous logons to cache (in case domain controller is not available) At least Windows XP SP2, Windows Server 2003
Interactive logon: Prompt user to change password before expiration At least Windows XP SP2, Windows Server 2003
Interactive logon: Require Domain Controller authentication to unlock workstationAt least Windows XP SP2, Windows Server 2003
Interactive logon: Require smart card At least Windows XP SP2, Windows Server 2003
Interactive logon: Smart card removal behavior At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (if server agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Send unencrypted password to third-party SMB serversAt least Windows XP SP2, Windows Server 2003
Microsoft network server: Amount of idle time required before suspending session At least Windows XP SP2, Windows Server 2003
Microsoft network server: Attempt S4U2Self to obtain claim information Windows 8, Windows Server 2012
Microsoft network server: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Digitally sign communications (if client agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Disconnect clients when logon hours expire At least Windows XP SP2, Windows Server 2003
Microsoft network server: Server SPN target name validation level At least Windows 7, Windows Server 2008 R2
Network access: Allow anonymous SID/Name translation At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts and shares At least Windows XP SP2, Windows Server 2003
Network access: Do not allow storage of passwords and credentials for network authentication At least Windows XP SP2, Windows Server 2003
Network access: Let Everyone permissions apply to anonymous users At least Windows XP SP2, Windows Server 2003
Network access: Named Pipes that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths and sub-paths At least Windows XP SP2, Windows Server 2003
Network access: Restrict anonymous access to Named Pipes and Shares At least Windows XP SP2, Windows Server 2003
Network access: Shares that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Sharing and security model for local accounts At least Windows XP SP2, Windows Server 2003
Network security: Do not store LAN Manager hash value on next password change At least Windows XP SP2, Windows Server 2003
Network security: Force logoff when logon hours expire At least Windows XP SP2, Windows Server 2003
Network security: LAN Manager authentication level At least Windows XP SP2, Windows Server 2003
Network security: LDAP client signing requirements At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers At least Windows XP SP2, Windows Server 2003
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Incoming NTLM traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit Incoming NTLM Traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add server exceptions in this domain At least Windows 7, Windows Server 2008 R2
Network security: Allow LocalSystem NULL session fallback At least Windows 7, Windows Server 2008 R2
Network security: Allow Local System to use computer identity for NTLM At least Windows 7, Windows Server 2008 R2
Network security: Allow PKU2U authentication requests to this computer to use online identities. At least Windows 7, Windows Server 2008 R2
Network security: Configure encryption types allowed for Kerberos At least Windows 7, Windows Server 2008 R2
Recovery console: Allow automatic administrative logon At least Windows XP SP2, Windows Server 2003
Recovery console: Allow floppy copy and access to all drives and all folders At least Windows XP SP2, Windows Server 2003
Shutdown: Allow system to be shut down without having to log on At least Windows XP SP2, Windows Server 2003
Shutdown: Clear virtual memory pagefile At least Windows XP SP2, Windows Server 2003
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing At least Windows XP SP2, Windows Server 2003
System cryptography: Force strong key protection for user keys stored on the computer At least Windows XP SP2, Windows Server 2003
System objects: Default owner for objects created by members of the Administrators group At least Windows XP SP2, Windows Server 2003
System objects: Require case insensitivity for non-Windows subsystems At least Windows XP SP2, Windows Server 2003
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) Windows XP SP2, Windows Server 2003
System settings: Optional subsystems At least Windows Vista, Windows Server 2003
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies At least Windows Vista, Windows Server 2003
User Account Control: Admin Approval Mode for the Built-in Administrator account At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for standard users At least Windows Vista, Windows Server 2008
User Account Control: Detect application installations and prompt for elevation At least Windows Vista, Windows Server 2008
User Account Control: Only elevate executables that are signed and validated At least Windows Vista, Windows Server 2008
User Account Control: Only elevate UIAccess applications that are installed in
secure locations
At least Windows Vista, Windows Server 2008
User Account Control: Run all administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Switch to the secure desktop when prompting for elevation At least Windows Vista, Windows Server 2008
User Account Control: Virtualize file and registry write failures to per-user locations At least Windows Vista, Windows Server 2008
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. At least Windows Vista, Windows Server 2008
Maximum application log size Only Windows XP SP2, Windows Server 2003
Maximum security log size Only Windows XP SP2, Windows Server 2003
Maximum system log size Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing application log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing security log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing system log Only Windows XP SP2, Windows Server 2003
Retain application log Only Windows XP SP2, Windows Server 2003
Retain security log Only Windows XP SP2, Windows Server 2003
Retain system log Only Windows XP SP2, Windows Server 2003
Retention method for application log Only Windows XP SP2, Windows Server 2003
Retention method for security log Only Windows XP SP2, Windows Server 2003
Retention method for system log Only Windows XP SP2, Windows Server 2003
Restricted Groups Only Windows XP SP2, Windows Server 2003
System Services Only Windows XP SP2, Windows Server 2003
Registry Only Windows XP SP2, Windows Server 2003
File System Only Windows XP SP2, Windows Server 2003
Registry Settings
Password Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
User Rights security settings are not registry keys
Not a registry key
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswo
rdUse
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditi
ng
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLega
cyAuditPolicy
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineAccessRestriction
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineLaunchRestriction
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst
em\UndockWithoutLogon
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMa
n Print Services\Servers\AddPrinterDrivers
NT\CurrentVersion\Winlogon\AllocateCDRoms
NT\CurrentVersion\Winlogon\AllocateFloppies
MACHINE\Software\Microsoft\Driver Signing\Policy
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\L
DAPServerIntegrity
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
\RefusePasswordChange
\RequireSignOrSeal
\SealSecureChannel
\SignSecureChannel
\DisablePasswordChange
\MaximumPasswordAge
\RequireStrongKey
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Syste
m, value=DontDisplayLockedUserId
em\DisableCAD
Not a registry key
Not a registry key
em\LegalNoticeText
em\LegalNoticeCaption
NT\CurrentVersion\Winlogon\CachedLogonsCount
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
NT\CurrentVersion\Winlogon\ForceUnlockLogon
em\ScForceOption
NT\CurrentVersion\Winlogon\ScRemoveOption
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\
Parameters\RequireSecuritySignature
Parameters\EnableSecuritySignature
Parameters\EnablePlainTextPassword
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\AutoDisconnect
Not a registry key
meters\RequireSecuritySignature
meters\EnableSecuritySignature
meters\EnableForcedLogOff
meters\SmbServerNameHardeningLevel
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
sSAM
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
s
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCre
ds
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludes
Anonymous
meters\NullSessionPipes
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
meters\NullSessionShares
meters\NullSessionShares
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownulls
essionfallback
MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId
MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnline
ID
em\Kerberos\Parameters\SupportedEncryptionTypes
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
em\ShutdownWithoutLogon
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPoli
cy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtec
tion
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminO
wner
Manager\Kernel\ObCaseInsensitive
Manager\ProtectionMode
Manager\SubSystems\optional
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifier
s\AuthenticodeEnabled
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Filt
erAdministratorToken
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorUser
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En
ableInstallerDetection
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Val
idateAdminCodeSignatures
ableSecureUIAPaths
ableLUA
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Pro
mptOnSecureDesktop
ableVirtualization
ableUIADesktopToggle
Event Log security settings are not registry keys.
Restricted Groups policy settings are not registry keys.
System Services policy settings are not registry keys.
not a registry key
File System policy settings are not registry keys.
Help Text
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout counter after
Enforce user logon restrictions
Maximum lifetime for service ticket
Maximum lifetime for user ticket
Maximum lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
Access this computer from the network
This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon.
Users saved credentials might be compromised if this privilege is given to other entities.
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Remote Desktop Services
Back up files and directories
Bypass traverse checking
Change the system time
Change the Time Zone
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Create Symbolic Links
Debug programs
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase a process working set
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify an object label
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects
Accounts: Administrator account status
Accounts: Block Microsoft accounts
Accounts: Guest account status
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Rename administrator account
Accounts: Rename guest account
Audit: Audit the access of global system objects
Audit: Audit the use of Backup and Restore privilege
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.
Audit: Shut down system immediately if unable to log security audits
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on
Devices: Allowed to format and eject removable media
Devices: Prevent users from installing printer drivers when connecting to shared printers
Devices: Restrict CD-ROM access to locally logged-on user only
Devices: Restrict floppy access to locally logged-on user only
Devices: Unsigned driver installation behavior
Domain controller: Allow server operators to schedule tasks
Domain controller: LDAP server signing requirements
Domain controller: Refuse machine account password changes
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Domain member: Maximum machine account password age
Domain member: Require strong (Windows 2000 or later) session key
Interactive logon: Do not display last user name
This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.
Interactive Logon: Display user information when session is locked
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Machine account threshold.
The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that
Interactive logon: Machine inactivity limit.
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Interactive logon: Prompt user to change password before expiration
Interactive logon: Require Domain Controller authentication to unlock
Interactive logon: Require smart card
Interactive logon: Smart card removal behavior
Microsoft network client: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (if server agrees)
Microsoft network client: Send unencrypted password to connect to third-party SMB servers
Microsoft network server: Amount of idle time required before suspending a session
Microsoft network server: Attempt S4U2Self to obtain claim information
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Microsoft network server: Disconnect clients when logon hours expire
Microsoft network server: Server SPN target name validation level

Network access: Allow anonymous SID/name translation
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Do not allow storage of credentials or .NET Passports for network authentication
Network access: Let Everyone permissions apply to anonymous users
Network access: Named pipes that can be accessed anonymously
Network access: Remotely accessible registry paths
Network access: Remotely accessible registry paths and subpaths
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Shares that can be accessed anonymously
Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change
Network security: Force logoff when logon hours expire
Network security: LAN Manager authentication level

Network security: LDAP client signing requirements
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security: Restrict NTLM: Incoming NTLM traffic
Network security: Restrict NTLM: Audit Incoming NTLM Traffic
Network security: Restrict NTLM: NTLM authentication in this domain
Network security: Restrict NTLM: Audit NTLM authentication in this domain
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
Network security: Restrict NTLM: Add server exceptions in this domain
Network security: Allow LocalSystem NULL session fallback
Network security: Allow Local System to use computer identity for NTLM
Network security: Allow PKU2U authentication requests to this computer to use online identities.
Network security: Configure encryption types allowed for Kerberos
Recovery console: Allow automatic administrative logon
Recovery console: Allow floppy copy and access to all drives and all folders
Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile
System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
System Cryptography: Force strong key protection for user keys stored on the computer
System objects: Default owner for objects created by members of the Administrators group
Description
System objects: Require case insensitivity for non-Windows subsystems
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)
System settings: Optional subsystems
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Behavior of the elevation prompt for standard users
This security setting determines the behavior of the elevation prompt for standard users
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in secure locations
User Account Control: Run all users, including administrators, as standard users.
User Account Control: Switch to the secure desktop when prompting for elevation
User Account Control: Virtualizes file and registry write failures to per-user locations
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
Maximum application log size
Maximum security log size
Maximum system log size
Prevent local guests group and ANONYMOUS LOGIN users from accessing application log
Prevent local guests group and ANONYMOUS LOGIN users from accessing security log
Prevent local guests group and ANONYMOUS LOGIN users from accessing system log
Retain application log
Retain security log
Retain system log
Retention method for application log
Retention method for security log
Retention method for system log
Restricted Groups
System Services security settings
Registry security settings
File System security settings
Reboot
Required
Comments
No
No
No
No
No
No
No
No
No
No clients will get the new
setting after a maximum
No
No
No
No
No
No
No
No
No
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Note: In Windows 2000
Server, Windows 2000
No Logoff required
No Note: See also the
corresponding Windows
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No
No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No For the policy change to
take effect, the spooler
No
No
No
Yes Restart of service might
be sufficient
No
No
No Important: In order to
take advantage of this
No
No
No
No Important: This setting
applies to Windows
No
No
No
No
No
No
No
No
No
applies to Windows
will apply to any
No Only LogOff is required
for W2K, XP and W2K3
Yes Important: For this
policy to take effect on
Yes
Yes
Yes
No
Yes Important: For this
policy to take effect on
No
No
No
No
No Important: This policy
has no impact on
No
No
No
Yes
No Important: The
Network access:
No Important: On
Windows XP, this
Yes
Yes
only affects computers
No Important: Windows
2000 Service Pack 2
No
can affect the ability of
Yes
No Warning: This setting
will apply to any
No Warning: This setting
will apply to any
No
No
No
No
No
No
No
No
No
No
No
No Require restart of
recovery console
No
Require restart of
recovery console
No Requires logoff
Yes Vista does NOT require
reboot
No
Yes Requires reboot with
CNG on Vista; Does not
No This policy does not
exist on Vista
Yes
Yes
Yes
No
No
No
No
No
No
No
Yes
No
No
No
No Note: This setting does
not appear in the Local
No Notes: This setting
does not appear in the
Note: This setting does

Windows Server 2012 and Windows 8 Group Policy Settings

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Windows Server 2012 and Windows 8 Group Policy Settings

Hochgeladen von

Copyright:

Verfügbare Formate

Group Policy Settings Reference

Windows Server 2012 and Windows 8

Das könnte Ihnen auch gefallen